SSL and TLS 1.0 were the earlier encryption protocols used to deliver secure content over the Internet. They have since been superseded by SSL 2.0 and SSL 3.0, and by TLS 1.1 and 1.2. TLS is now the de facto secure encryption protocol.
In Windows, all TLS versions are enabled by default.
To disable (or enable) these protocols you can use a tool called IISCrypto ( URL).
The above shows TLS 1.0 disabled and both 1.1 and 1.2 enabled. Originally all checkboxes showed greyed-out check marks (i.e. all protocols are on by default).
The SCHANNEL registry entry shows no relevant entries under Protocols for granular control.
In IISCrypto, once you uncheck and re-check the three protocol boxes, the relevant registry keys are created (Server side only if you uncheck “Set Client Side Protocols”). You then need to reboot the server for the new settings to take effect.
Here is an example of TLS 1.0 disabled in the newly added key and sub-keys.
And here is the registry structure with TLS 1.1 and TLS 1.2 enabled.
Note that the DisabledByDefault DWORD is set to 0 (i.e. NOT disabled by default) and the Enabled DWORD is 0xffffffff, which is treated the same as 1 (1 is the value used in Microsoft documentation; the 0xffffffff alternative is what IISCrypto writes).
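As an added example (not the post's own content and not IISCrypto's code), the PowerShell below writes the same Enabled / DisabledByDefault pair under the standard SCHANNEL Protocols key for each protocol and side, then reads the keys back so you can audit the result before rebooting. The registry path is the standard Schannel one; the EffectivelyOn column is my own reading of the two values, and the "no key means OS default" assumption follows the post's note that everything is on by default.

```powershell
# Added example (not from the original post or from IISCrypto): sets and audits
# the SCHANNEL protocol keys the post describes. Run elevated; reboot to apply.
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Desired state: TLS 1.0 off, TLS 1.1 and 1.2 on, for both the Client and Server side.
$Desired = @{ 'TLS 1.0' = $false; 'TLS 1.1' = $true; 'TLS 1.2' = $true }

function Set-SchannelProtocol {
    param([string]$Name, [bool]$Enable, [string[]]$Sides = @('Client', 'Server'))
    foreach ($Side in $Sides) {
        $Key = Join-Path $Base "$Name\$Side"
        if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
        # Enabled=1 + DisabledByDefault=0 turns a protocol on;
        # Enabled=0 + DisabledByDefault=1 turns it off.
        New-ItemProperty -Path $Key -Name 'Enabled' -PropertyType DWord `
            -Value ([int]$Enable) -Force | Out-Null
        New-ItemProperty -Path $Key -Name 'DisabledByDefault' -PropertyType DWord `
            -Value ([int](-not $Enable)) -Force | Out-Null
    }
}

function Get-SchannelProtocolState {
    # A missing key or value is the blank "OS default" state the post shows before
    # IISCrypto writes anything (assumed on). IISCrypto's 0xffffffff reads back as -1.
    foreach ($Name in ($Desired.Keys | Sort-Object)) {
        foreach ($Side in 'Client', 'Server') {
            $Key   = Join-Path $Base "$Name\$Side"
            $Props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
            $En    = $Props.Enabled             # $null when absent
            $Dbd   = $Props.DisabledByDefault   # $null when absent
            # On if nothing is set (OS default), otherwise only if Enabled is non-zero
            # and DisabledByDefault is not 1.
            $On    = ($null -eq $En -and $null -eq $Dbd) -or (($En -ne 0) -and ($Dbd -ne 1))
            [pscustomobject]@{
                Protocol          = $Name
                Side              = $Side
                Enabled           = $En
                DisabledByDefault = $Dbd
                EffectivelyOn     = $On
            }
        }
    }
}

foreach ($Name in $Desired.Keys) { Set-SchannelProtocol -Name $Name -Enable $Desired[$Name] }
Get-SchannelProtocolState | Format-Table -AutoSize
```

To change only the Server side (the equivalent of unchecking “Set Client Side Protocols”), pass -Sides 'Server' to Set-SchannelProtocol.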
Beware that RDP will be disabled if all versions of TLS are disabled. Currently all versions of RDP (as updated by Windows Update) support TLS 1.1 and 1.2, so disabling TLS 1.0 has no effect on RDP (unlike in the old days).
This is what happens if you disable all TLS versions.
Use Nmap to check the SSL/TLS protocols and ciphers in use
Using the Nmap tool (https://nmap.org/download.html) you can test SSL/TLS security levels. The command
nmap -p 3389 --script ssl-enum-ciphers 127.0.0.1
scans the RDP port (default port 3389) and shows the following output after disabling TLS 1.0 on the client and server side.
Scanning the computer locally or from another machine produces the same result; note that there is no mention of TLS 1.0, meaning that TLS 1.0 is disabled.