1 – Delete subkeys in TLS 1.0, Client and Server
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0
2 – From an Admin Prompt, Run
IPCONFIG /FLUSHDNS
NBTSTAT -R
NBTSTAT -RR
NETSH INT IP RESET
NETSH INT IPV4 RESET
NETSH INT IPV6 RESET
NETSH WINSOCK RESET
3 – Restart computer or disable/reenable WLAN.
But why?
Why does this happen? Most likely, your computer is using an authentication protocol based on TLS 1.0 (example, PEAP-MSCHAPv2 or EAP-TLS); this could be back-end or front-end protocols or configs. Something else to point out, TLS protocols can be dependent of specific .NET frameworks, making securing your computer or network even more complex, especially if you use apps based on certain frameworks. Specificity will be key to providing the best security, while understanding what you can and can’t disable.
Some general notes on the frameworks and supported TLS
- .NET 4.6 and above. You don’t need to do any additional work to support TLS 1.2; it’s supported by default. TLS 1.1 is supported. TLS 1.0 is supported.
- .NET 4.5. TLS 1.2 is supported, but it’s not a default protocol. You need to opt-in to use it. TLS 1.1 is supported. TLS 1.0 is supported.
- .NET 4.0. TLS 1.2 is not supported, but if you have .NET 4.5, or later, installed on the computer, then you still can opt in for TLS 1.2, even if your application framework doesn’t support it. TLS 1.0 is supported.
- .NET 3.5 or below. TLS 1.2 is not supported and there is no workaround. Upgrade your application to more recent version of the framework. TLS 1.0 is supported.
more from Microsoft on TLS… on frameworks…
Notes
If that doesn’t work, take a look at disabling the power management on the Wi-Fi adapter
1 – On the network adapter, go to the power management tab.
2 – Uncheck the Allow this computer to turn off this device to save power. Click on OK.
3 – Restart computer
Edit or Create Group Policy via Registry Editor
1 – Navigate to the following path in Registry Editor
HKLM\Software\Policies\Microsoft\Windows\WcmSvc\
2 – Create a GroupPolicy subkey
3 – Inside of HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy, right-click in the right pane and select New > DWORD. Name it fMinimizeConnections
4 – Restart computer
Other
1 – Within the device manager, under VIEW, choose Show hidden devices
2 – Disabled the Microsoft wifi direct virtual adapter
3 – Disable the Microsoft hosted network virtual adapter
4 – Restart computer
Update to enable TLS 1.1 and TLS 1.2 as a default secure protocols in WinHTTP in Windows
.NET Framework version history