Disable insecure connections from .NET apps
- Windows onlyThis script improves your privacy on Windows
- Single actionThis page belongs to a script, containing basic changes to achieve a task.
- Impact: Medium
System Functionality / Data Loss Risk: Moderate
This action improves privacy with minimal impact when you run the recommended script.
This action improves privacy with some impact when you run the recommended script. - Batch (batchfile)These changes use Windows system commands to update your settings.
- Administrator rights requiredThis script requires privilege access to do the system changes
- Fully reversible
You can fully restore this action (revert back to the original behavior) using this website.
The restore/revert methods provided here can help you fix issues.
Overview
This script improves security by enforcing secure network connections across all .NET applications.
By setting the SchUseStrongCrypto
configuration 1 2 3 4, it prevents the use of outdated
and insecure connections, including:
- Protocols weaker than TLS 1.1 1 4 and TLS 1.2 1 2 4.
- Cipher algorithms such as RC4 4 5, NULL 6, DES 6, and export suites 6.
- Hash algorithms like MD5 6.
Authorities like Microsoft 1, and Department of Defense (DoD) 3 recommend this configuration as part of their security guidelines.
This script applies to all .NET applications on the system 1. A .NET application is any software developed using Microsoft's .NET platform 7. This includes many third-party and system applications on Windows, like PowerShell 8. A .NET application can be various of types, ranging from mobile apps to cloud services 7.
This script affects only the client-side (outgoing) connections of an application 1. It secures outgoing data from the application without changing how incoming data is handled.
You must restart your system after running this script to activate the security improvements 2 5.
This script may disrupt applications relying on legacy services that lack support for modern cryptographic standards 1.
This script is only recommended if you understand its implications.
Some non-critical or features may no longer function correctly after running this script.
This script can be fully reversed to restore changes if something goes wrong.
Sources
- Transport Layer Security (TLS) best practices with .NET Framework. Microsoft Learn. learn.microsoft.com. (2024).
Original: https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls
Archived: https://web.archive.org/web/20240503121044/https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls - Manage SSL/TLS protocols and cipher suites for AD FS. Microsoft Learn. learn.microsoft.com. (2024).
Original: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs
Archived: https://web.archive.org/web/20240503121339/https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#enabling-strong-authentication-for-net-applications - The SchUseStrongCrypto registry value must be set.. www.stigviewer.com. (2024).
Original: https://www.stigviewer.com/stig/tanium_7.x/2022-08-24/finding/V-253876
Archived: https://web.archive.org/web/20240503121520/https://www.stigviewer.com/stig/tanium_7.x/2022-08-24/finding/V-253876 - How to enable Transport Layer Security (TLS) 1.2 on clients - Configuration Manager. Microsoft Learn. learn.microsoft.com. (2024).
Original: https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client
Archived: https://web.archive.org/web/20240503121100/https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client - Microsoft Security Advisory 2960358. Microsoft Learn. learn.microsoft.com. (2024).
Original: https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/2960358
Archived: https://web.archive.org/web/20240503121456/https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/2960358 - TLS (Schannel SSP). Microsoft Learn. (2024).
Original: https://learn.microsoft.com/en-us/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server
Archived: https://web.archive.org/web/20240503121605/https://learn.microsoft.com/en-us/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server#sch_use_strong_crypto-option-changes - .NET - Wikipedia. en.wikipedia.org. (2024).
Original: https://en.wikipedia.org/wiki/.NET
Archived: https://web.archive.org/web/20240503121040/https://en.wikipedia.org/wiki/.NET - What is PowerShell? - PowerShell. Microsoft Learn. learn.microsoft.com. (2024).
Original: https://learn.microsoft.com/en-us/powershell/scripting/overview
Archived: https://web.archive.org/web/20240503103126/https://learn.microsoft.com/en-us/powershell/scripting/overview?view=powershell-7.4
Apply Now
Choose one of three ways to apply:
Download script
Download and run the script directly- No app needed
- Offline usage
- Easy-to-apply
- Free
- Open-source
Help
How to apply or restore "Disable insecure connections from .NET apps" using script
- ≈ 2 min to complete
- Tools: Web Browser
- Difficulty: Simple
- ≈ 5 instructions
- 1
Download
Download the script file by clicking on thebutton above.
Use button above to restore changes. - 2
Keep the file
If warned by your browser, keep the file. - 3
Open
Open the downloaded file. - 4
Exit
Once it's done, press any key to exit the window. - 5
Restart
Restart your computer for all changes to take effect.
Apply with privacy.sexy
Guided, automated application with safety checks- Recommended for most users
- Includes safety checks
- Free
- Open-source
- Popular
- Offline/Online usage
Help
How to apply or restore "Disable insecure connections from .NET apps" using privacy.sexy
- ≈ 3 min to complete
- Tools: privacy.sexy
- Difficulty: Simple
- ≈ 4 instructions
- 2
Choose script
- Search for the script name: Disable insecure connections from .NET apps
- Check the script by clicking on the checkbox.
- 3
Run
Click on ▶️ Run button at the bottom of the page.This button only appears on desktop version (recommended). On browser, use 💾 Save button.
- Apply
- Revert
:: Configure "SchUseStrongCrypto" for .NET applications
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727!SchUseStrongCrypto"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727'; $data = '1'; reg add 'HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727' /v 'SchUseStrongCrypto' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727!SchUseStrongCrypto"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727'; $data = '1'; reg add 'HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727' /v 'SchUseStrongCrypto' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319!SchUseStrongCrypto"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'; $data = '1'; reg add 'HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' /v 'SchUseStrongCrypto' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319!SchUseStrongCrypto"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'; $data = '1'; reg add 'HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' /v 'SchUseStrongCrypto' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting computer for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart your computer.'; $warn = $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
Ijo6IFJlc3RvcmUgXCJTY2hVc2VTdHJvbmdDcnlwdG9cIiBjb25maWd1cmF0aW9uIGZvciAuTkVUIGFwcGxpY2F0aW9uc1xuOjogRGVsZXRlIHRoZSByZWdpc3RyeSB2YWx1ZSBcIkhLTE1cXFNPRlRXQVJFXFxNaWNyb3NvZnRcXC5ORVRGcmFtZXdvcmtcXHYyLjAuNTA3MjchU2NoVXNlU3Ryb25nQ3J5cHRvXCJcblBvd2VyU2hlbGwgLUV4ZWN1dGlvblBvbGljeSBVbnJlc3RyaWN0ZWQgLUNvbW1hbmQgXCJyZWcgZGVsZXRlICdIS0xNXFxTT0ZUV0FSRVxcTWljcm9zb2Z0XFwuTkVURnJhbWV3b3JrXFx2Mi4wLjUwNzI3JyAvdiAnU2NoVXNlU3Ryb25nQ3J5cHRvJyAvZiAyPiRudWxsXCJcbjo6IERlbGV0ZSB0aGUgcmVnaXN0cnkgdmFsdWUgXCJIS0xNXFxTT0ZUV0FSRVxcV09XNjQzMk5vZGVcXE1pY3Jvc29mdFxcLk5FVEZyYW1ld29ya1xcdjIuMC41MDcyNyFTY2hVc2VTdHJvbmdDcnlwdG9cIlxuUG93ZXJTaGVsbCAtRXhlY3V0aW9uUG9saWN5IFVucmVzdHJpY3RlZCAtQ29tbWFuZCBcInJlZyBkZWxldGUgJ0hLTE1cXFNPRlRXQVJFXFxXT1c2NDMyTm9kZVxcTWljcm9zb2Z0XFwuTkVURnJhbWV3b3JrXFx2Mi4wLjUwNzI3JyAvdiAnU2NoVXNlU3Ryb25nQ3J5cHRvJyAvZiAyPiRudWxsXCJcbjo6IERlbGV0ZSB0aGUgcmVnaXN0cnkgdmFsdWUgXCJIS0xNXFxTT0ZUV0FSRVxcTWljcm9zb2Z0XFwuTkVURnJhbWV3b3JrXFx2NC4wLjMwMzE5IVNjaFVzZVN0cm9uZ0NyeXB0b1wiXG5Qb3dlclNoZWxsIC1FeGVjdXRpb25Qb2xpY3kgVW5yZXN0cmljdGVkIC1Db21tYW5kIFwicmVnIGRlbGV0ZSAnSEtMTVxcU09GVFdBUkVcXE1pY3Jvc29mdFxcLk5FVEZyYW1ld29ya1xcdjQuMC4zMDMxOScgL3YgJ1NjaFVzZVN0cm9uZ0NyeXB0bycgL2YgMj4kbnVsbFwiXG46OiBEZWxldGUgdGhlIHJlZ2lzdHJ5IHZhbHVlIFwiSEtMTVxcU09GVFdBUkVcXFdPVzY0MzJOb2RlXFxNaWNyb3NvZnRcXC5ORVRGcmFtZXdvcmtcXHY0LjAuMzAzMTkhU2NoVXNlU3Ryb25nQ3J5cHRvXCJcblBvd2VyU2hlbGwgLUV4ZWN1dGlvblBvbGljeSBVbnJlc3RyaWN0ZWQgLUNvbW1hbmQgXCJyZWcgZGVsZXRlICdIS0xNXFxTT0ZUV0FSRVxcV09XNjQzMk5vZGVcXE1pY3Jvc29mdFxcLk5FVEZyYW1ld29ya1xcdjQuMC4zMDMxOScgL3YgJ1NjaFVzZVN0cm9uZ0NyeXB0bycgL2YgMj4kbnVsbFwiXG46OiBTdWdnZXN0IHJlc3RhcnRpbmcgY29tcHV0ZXIgZm9yIGNoYW5nZXMgdG8gdGFrZSBlZmZlY3RcblBvd2VyU2hlbGwgLUV4ZWN1dGlvblBvbGljeSBVbnJlc3RyaWN0ZWQgLUNvbW1hbmQgXCIkbWVzc2FnZSA9ICdGb3IgdGhlIGNoYW5nZXMgdG8gZnVsbHkgdGFrZSBlZmZlY3QsIHBsZWFzZSByZXN0YXJ0IHlvdXIgY29tcHV0ZXIuJzsgJHdhcm4gPSAgJGZhbHNlOyBpZiAoJHdhcm4pIHsgV3JpdGUtV2FybmluZyBcIl5cIlwiJG1lc3NhZ2VcIl5cIlwiOyB9IGVsc2UgeyBXcml0ZS1Ib3N0IFwiXlwiXCJOb3RlOiBcIl5cIlwiIC1Gb3JlZ3JvdW5kQ29sb3IgQmx1ZSAtTm9OZXdMaW5lOyBXcml0ZS1PdXRwdXQgXCJeXCJcIiRtZXNzYWdlXCJeXCJcIjsgfVwiIg==
Help
How to apply or restore "Disable insecure connections from .NET apps" using commands
- ≈ 2 min to complete
- Tools: Command Prompt
- Difficulty: Medium
- ≈ 3 instructions
- 1
Open Command Prompt
Open Command Prompt as Administrator. - 2
Copy code
Copy the code: - 3
Paste & run
Paste the commands into Command Prompt and press Enter to run.Some changes require a system restart to take effect
Similar Guides
Wider Goal
Guides below includes this guide to achieve a wider goal.See other more general settings that includes this one as one of its actions.
These plans combine multiple privacy settings, including this one, for stronger protection.
- Disable insecure connections
- Improve network security
- Security improvements
This category includes scripts designed to enhance users' security and privacy by disabling outdated or vulnerable connections across the system. It safeguards dat...
This category is dedicated to improving network security. It aims to minimize vulnerabilities by offering various settings that improve the integrity and confident...
This category encompasses a range of scripts designed to improve the security of your system by enforcing security best practices. These scripts help protect your ...
Same Goal
Other guides in Disable insecure connectionsSee settings that are in the same category as this guide.
Using other actions in the same category may help you achieve your goal better.
About the Creators
These people have authored this documentation and written its scripts:
Reviewed By
This guide has undergone comprehensive auditing and peer review:Expert review by undergroundwires
- Verified technical accuracy and editorial standards
- Assessed system impact and user privacy risks
Public review by large community
- Privacy enthusiasts and professionals peer-reviewed
- Millions of end-users tested across different environments
History
We continually monitor our guides, their impact and all other privacy options. We update our guides when new information becomes available. On every update, we publicly store who made the change, what has been changed, why the change was made and when the change was made.