configure SSL/TLS settings via Registry using GPO, follow these steps: - Knowledgebase - CLOUDRAIN

  Categories

Active Directory
1
ADFS
1
Azure AD PowerShell Script
1
Azure AD Services
1
Backup/Restore
4
Computer
13
cPanel - Control Panel
35
CPanel/WHM/Reseller
33
Database MSSQL
5
Databases
11
DNS - Nameserver
6
Domain Management
10
Email
11
Exchange Server
6
FTP
9
Hyper V
1
Installing a Control Panel
7
Linux
1
Mail Filters & SPAM
8
Mobile
11
MS SQL
1
Others
3
Powershell Scripts
28
Security
10
Security
2
SiteWorx (Control Panel)
60
Softaculous
79
SolusVM
19
SSL
13
Ubuntu/Centos/Linux
1
Virus
3
VMware
5
Windows Server
33
Wordpress
18

  Categories

  Tag Cloud

How do I Connect to a Database using SQL Server Management Studi Database Connection using SQL Server Management Studio? DNS Export/Import How to export and import DNS how to export/import the DNS Windows Process Activation Service – Error 13: The data is inval WordPress Installation in Cpanel/Whm Wordpress installation in Cpanel cpanel wordpress installation No connectivity with any of Web Conferencing Edge Servers. No connectivity with any of Web Conferencing Edge Servers. Exter Verify all Web Conferencing Edge Services in the topology are ru and network connectivity is available. PowerShell – Updating Users Email Addresses In Active Directory Updating Users Email Addresses In Active Directory Add/Change/Remove Primary SMTP and Alias smtp in Active Director Add Primary SMTP and Alias smtp in Active Directory Remove Primary SMTP and Alias smtp in Active Directory reconfiguration is not possible Failed at 98% : Unable to find the system volume Failed at 98% : Unable to find the system volume reconfiguration Vmware 98 % failed on system volume Lync Migration to Office 365 Lync Migration from Onpremises to Office 365 Users and Move Disabled users to OU Remove Group from the Disabled Script to delete the file older than 2 days Windows Deployment Services (WDS) PXE Boot Issue Windows PXE Boot Issues This may cause the connection to the WDS server to terminate pre Get a List of Installed Application from computers (PowerShell) Powershell Script list of installed application How to connect Remote Connection Machine connect remote connection how to check database name with size database size database name with size Computer keyboard shortcut keys keyborad shortcut keyboard shortcut key computer Laptop Microsoft Windows shortcut keys list windows shortcut keys ms word shortcut key Word shortcut keys MS Word shortcut keys Excel shortcut keys MS Excel shortcut keys Outlook shortcut keys MS Outlook shortcut keys Windows Key Shortcuts WINKEY shortcuts shortcut keys for special characters Windows System Commands Firefox Keyboard Shortcuts Shortcuts for Mac Finder Shortcuts Chrome Keyboard Shortcuts Email configuration Cpanel email configuration mail configuration DNS error while adding a Parked domain in WHM Script to Add Members in the Azure AD group Undo-SoftDeletedUnifiedGroup Ubuntu SSL Apache Centos SSL Apache How to Fix "A Required Device Isn't Connected or Can't Be Access how to run manual cpanel/whm backup How to force Manually cPanel/WHM to run a backup How to move WHM MySQL data directory how to the stop the config firewall scrolling How To Enable php shell_exec In cPanel Enable exec() with PHP-FPM Enabling PHP-FPM (PHP FastCGI Process Manager) in cPanel/WHM aut 227 entering passive mode ftp connect connection timed out How to Install Imagick on cPanel Server Setting the PHP Max Execution Time on cPanel How To Install Zend OPCache on cPanel Servers Restart on Task Hang Force Non Legacy Backup to Start (WHM/cPanel) Resizing/Expanding tmp Partition RPM database corrupted SQL SERVER – Login Failed. The Login is From an Untrusted Domain Login Failed. The Login is From an Untrusted Domain and Cannot b Why is “Application permissions” disabled in Azure AD's “Request application permissions" is grayed out Export Azure App Service Certificate & Upload to Azure App Servi SSL certificate App service SSL certificate How to Generate a CSR for Microsoft IIS 8 IIS8 CSR Generation in IIS8 How to Generate a CSR for Amazon EC2 (AWS) How to Generate a CSR for Apache Web Server Using OpenSSL How to Generate a CSR for Plesk 10 Bulk upload to Azure Cosmos using C# How to Open Ports for Passive FTP in CSF Passive FTP in CSF (Configserver Firewall & Security) this could be due to credssp encryption oracle remediation CredSSP Encryption Oracle Remediation Create the .well-known folder in IIS well-known/pki-validation hidden directory using Microsoft IIS M Resize your Linux root '/' mount with LVM how to increease dev/mapper/ubuntu--vg-ubuntu--l Powershell script to get the ISP is Up or Down with email Option powershell script to get the ISP details system details computer details serial number of computer EmailAddress Active Directory data with SamAccountName Department Name Title with Active users SharePoint Duplicate site creation Computer Details Report Computer Details using JSON post configure SSL/TLS settings via Registry using GPO PowerShell Script to take Mongo DB Backup Compress and upload to storage account

  Support

My Support Tickets
Announcements
Knowledgebase
Downloads
Network Status
Open Ticket

configure SSL/TLS settings via Registry using GPO, follow these steps: Print

  • configure SSL/TLS settings via Registry using GPO
  • 0

To configure SSL/TLS settings via Registry using GPO, follow these steps:

Step 1: Open Group Policy Management

  1. Press Win + R, type gpedit.msc, and press Enter to open the Local Group Policy Editor.
    • If using a domain environment, open Group Policy Management Editor (gpmc.msc) and create or edit an existing GPO.

Step 2: Modify SSL/TLS Settings via Registry using GPO

Since SSL/TLS settings are controlled via the Windows Registry, we will use Group Policy Preferences to apply these registry changes.

1. Navigate to the Registry Settings in GPO

  • In Group Policy Management Editor, go to:
     
    Computer Configuration > Preferences > Windows Settings > Registry
  • Right-click and select New > Registry Item.

Step 3: Add Registry Keys for SSL/TLS

We will modify Schannel (Secure Channel) settings.

1. Disable TLS 1.0 & 1.1

For TLS 1.0

  • Path:

     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
    • Value Name: Enabled
    • Value Type: REG_DWORD
    • Value Data: 0 (Disabled)

  • Path:

     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
    • Value Name: Enabled
    • Value Type: REG_DWORD
    • Value Data: 0 (Disabled)

For TLS 1.1

  • Path:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
    • Value Name: Enabled
    • Value Type: REG_DWORD
    • Value Data: 0 (Disabled)

  • Path:

     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
    • Value Name: Enabled
    • Value Type: REG_DWORD
    • Value Data: 0 (Disabled)

2. Enable TLS 1.2 & TLS 1.3

For TLS 1.2

  • Path:

     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
    • Value Name: Enabled
    • Value Type: REG_DWORD
    • Value Data: 1 (Enabled)

  • Path:

     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
    • Value Name: Enabled
    • Value Type: REG_DWORD
    • Value Data: 1 (Enabled)

For TLS 1.3

  • Path:

     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server
    • Value Name: Enabled
    • Value Type: REG_DWORD
    • Value Data: 1 (Enabled)

  • Path:

     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client
    • Value Name: Enabled
    • Value Type: REG_DWORD
    • Value Data: 1 (Enabled)

3. Configure SSL Cipher Suites (Optional)

To define SSL/TLS cipher suites, modify the following registry key:

  • Path:
     
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002
    • Value Name: Functions
    • Value Type: REG_SZ
    • Value Data: (Example for TLS 1.2 and TLS 1.3)
      plaintext
       
      TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

Step 4: Apply and Enforce GPO

  1. Close Group Policy Management Editor.
  2. Run the following command to apply the policy:
    cmd
     
    gpupdate /force
  3. Restart the computers for the settings to take effect.

Step 5: Verify SSL/TLS Configuration

To check if the settings are applied correctly:

PowerShell: Check Enabled TLS Versions

Open PowerShell (Admin) and run:

powershell
 
[Net.ServicePointManager]::SecurityProtocol

It should return:

Tls12, Tls13

PowerShell: Check Available Cipher Suites

Run:

powershell
 
Get-TlsCipherSuite

This will display the enabled cipher suites.

Conclusion

Now, your system is hardened by: ✅ Disabling weak TLS 1.0 & TLS 1.1
✅ Enabling TLS 1.2 & TLS 1.3
✅ Configuring strong cipher suites via Registry using GPO

This method ensures secure encryption settings are enforced across all systems in your domain.

Was this answer helpful?

Related Articles

Configure SSL/TLS
« Back

Powered by WHMCompleteSolution