hide.me Support

How To Enable TLS 1.1 & TLS 1.2 In Windows 7 and 8

Last modified: April 3, 2022

TLS version 1.0 is not safe anymore and should be disabled. To justify, let’s just name the three biggest attacks that managed to exploit the various TLS 1.0 vulnerabilities discovered within 2011 and 2014: BEASTHeartbleed and POODLE.

This issue doesn’t affect Windows 10 users. But, always install the OS updates through the official channels. However, if you’re still using Windows 7 or Windows 8, you might have to perform some manual tasks in order to get rid of that outdated TLS version.

We can fix this by telling your OS to never use TLS 1.0 anymore, and stick with TLS 1.1 and 1.2 by default. Here’s a small guide explaining how you can do that.

Install the KB3140245 Security Patch

The first thing to do is to download and install the Windows KB3140245.
You can do that using Windows Update, since it’s available as an optional update, or manually download it from the official website (here). Mind the appropriate product version for your OS.

This will equip your OS with TLS versions 1.1 and 1.2.

Update your Windows Registry file to TLS 1.2

You need to patch your Windows Registry file, so that your OS will actually use the new TLS protocol versions (1.2, and 1.1 as a fallback) instead of the outdated and vulnerable 1.0 one.
Microsoft-released patch file was revoked. As a result, this can no longer be done automatically. You need to do it manually by editing the registry file using regedit.

Before proceeding further, we advise you to backup your Registry.

Step 1. Setting the default TLS protocols to TLS 1.1 and 1.2

To begin, press WinKey+R, type regedit and then press enter.

After that, navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

and add New (Edit-New or right-click on WinHttp) DWORD value and name it: DefaultSecureProtocols

Adding a new DWORD to disable TLS 1.0 in Windows 7 or 8

Afterwards, double-click on it and enter this hexadecimal value: 00000A00

Do the same procedure for:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

Subsequently, you should end up with entries as shown in the picture below:

How to disable TLS 1.0 via registry on Windows 7 or 8

You have now configured your system to use TLS 1.1 and 1.2. The problematic TLS 1.0 is now disabled.

In order to re-enable TLS 1.0, use the value 00000A80 for DefaultSecureProtocols entries.

(This is not recommended. However, some sites might still require it)

Step 2. Enable TLS 1.1 and 1.2 at the SChannel component level

Firstly, we need to create subkey called Client in each of the following two keys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\

Secondly, navigate to appropriate key and create a subkey (Edit-New-Key) called Client

Now we will have keys as shown below and in them we will add another DWORD key called DisabledByDefault

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client


Lastly, set the key value to: 0

You should now have the entries as per image below:

How to disable TLS 1.0 via registry on Windows 7 or 8

Visit this official Microsoft page in order to learn more about the entire topic.

Find other security suggestions on our Blog page.

Conclusion

Windows 10 users don’t require this fix. Disabling TLS 1.0 will patch security vulnerabilities in Windows 7 and Windows 8. We don’t advise re-enabling TLS 1.0.

hide.me Support
Support Ticket
Contact Support

Open a support request and contact our support directly.

Contact Support
Community
Community

Need help? Have something to share? Let our community know about it.

Visit Community
Setup Guide
Open Setup Guides

We have a detailed step-by-step guide which can help you set up a VPN within minutes.

Open Setup Guide
Christmas Sale

Includes 3 months extra

Days

Hrs

Min

Sec

Get the offer