Skip to main content
All CollectionsRemediations
TLS Version 1.0 Protocol Detection (Windows) (IIS Crypto) Vulnerability
TLS Version 1.0 Protocol Detection (Windows) (IIS Crypto) Vulnerability
Alan Butcher avatar
Written by Alan Butcher
Updated over 2 years ago

The TLS Version 1.0 Protocol Detection Vulnerability when detected with a vulnerability scanner will report it as a CVSS 6.5 (v3).

CVSS is a scoring system for vulnerability systems, its an industry standard scoring system to mark findings against a specific number ranging from 0 to 10. They are shown as:

Transport Layer Security (TLS) versions 1.0 and 1.1 were superseded by TLSv1.2 in 2008, which has now itself been superseded by TLSv1.3. It is therefore timely to further deprecate these old versions. The expectation is that TLSv1.2 will continue to be used for many years alongside TLSv1.3.

TLSv1.1 and TLSv1.0 are also actively being deprecated in accordance with guidance from government agencies and industry consortia such as the Payment Card Industry Association (PCI).

To help remediate this vulnerability, this document will make the use of IIS Crypto tool.

To download IIS Crypto please visit: https://www.nartac.com/Products/IISCrypto/Download

To enable TLSv1.2 please check the box for TLS 1.2 as shown in the image below.

To disable TLSv1.0 please uncheck the box for TLS 1.0 as shown in the image below.

After making all the changes required, reboot the server for the changes to take effect. Restarting the services will now implement the changes.

Did this answer your question?