Skip to main content

Disable insecure connections from .NET apps

Overview

About this script

This script improves your privacy on Windows.

These changes use Windows system commands to update your settings.

This script improves security by enforcing secure network connections across all .NET applications.

By setting the SchUseStrongCrypto configuration 1 2 3 4, it prevents the use of outdated and insecure connections, including:

  • Protocols weaker than TLS 1.1 1 4 and TLS 1.2 1 2 4.
  • Cipher algorithms such as RC4 4 5, NULL 6, DES 6, and export suites 6.
  • Hash algorithms like MD5 6.

Authorities like Microsoft 1, and Department of Defense (DoD) 3 recommend this configuration as part of their security guidelines.

This script applies to all .NET applications on the system 1. A .NET application is any software developed using Microsoft's .NET platform 7. This includes many third-party and system applications on Windows, like PowerShell 8. A .NET application can be various of types, ranging from mobile apps to cloud services 7.

This script affects only the client-side (outgoing) connections of an application 1. It secures outgoing data from the application without changing how incoming data is handled.

You must restart your system after running this script to activate the security improvements 2 5.

Caution

This script may disrupt applications relying on legacy services that lack support for modern cryptographic standards 1.

This script uses Batch (batchfile) scripting language.

Use with Caution

This script is only recommended if you understand its implications. Some non-critical or features may no longer function correctly after running this script.

Implementation Details
  • Language: batch

  • Required Privileges: Administrator rights

  • Compatibility: Windows only

  • Reversibility: Can be undone using provided revert script

Explore Categories

This action belongs to Disable insecure connections category. This category includes scripts designed to enhance users' security and privacy by disabling outdated or vulnerable connections across the system. It safeguards data against interception, unauthorized access, and attacks that exploit outdated technology vulnerabilities, including... Read more on category page ▶

Apply now

Choose one of three ways to apply:

  1. Automatically via privacy.sexy: The easiest and safest option.
  2. Manually by downloading: Requires downloading a file.
  3. Manually by copying: Advanced flexibility.

Alternative 1. Apply with Privacy.sexy

privacy.sexy is free and open-source application that lets securely apply this action easily.

Open privacy.sexy

You can fully restore this action (revert back to the original behavior) using the application.

privacy.sexy instructions
  1. Open or download the desktop application
  2. Search for the script name: Disable insecure connections from .NET apps.
  3. Check the script by clicking on the checkbox.
  4. Click on Run button at the bottom of the page.

Alternative 2. Download

Irreversible Changes

This script is irreversible, meaning there is no straightforward method to restore changes once applied. Exercise caution before running, restoring it may not be possible.

  1. Download the script file by clicking on the button below:

    Download script

  2. Run the script file by clicking on it.

Download revert script

This file restores your system to its original state, before this script is applied.

Download restore script

Alternative 3. Copy

This is for advanced users. Consider automatically applying or downloading the script for simpler way.

  1. Open Command Prompt as administrator.
HELP: Step-by-step guide
  1. Click on Start menu

  2. Type cmd

  3. Right click on Command Prompt select Run as administrator

  4. Click on Yes to run Command Prompt


Animation showing how to open terminal as administrator on Windows 11

  1. Copy the following code:
Code to apply changes
:: Configure "SchUseStrongCrypto" for .NET applications
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727!SchUseStrongCrypto"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727'; $data = '1'; reg add 'HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727' /v 'SchUseStrongCrypto' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727!SchUseStrongCrypto"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727'; $data = '1'; reg add 'HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727' /v 'SchUseStrongCrypto' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319!SchUseStrongCrypto"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'; $data = '1'; reg add 'HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' /v 'SchUseStrongCrypto' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319!SchUseStrongCrypto"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'; $data = '1'; reg add 'HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' /v 'SchUseStrongCrypto' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Suggest restarting computer for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart your computer.'; $warn = $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
  1. Right click on command prompt to paste it.
  2. Press Enter to apply remaining code.

Copy restore code

Copy and run the following code to restore changes:

Revert code
:: Restore "SchUseStrongCrypto" configuration for .NET applications
:: Delete the registry value "HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727!SchUseStrongCrypto"
PowerShell -ExecutionPolicy Unrestricted -Command "reg delete 'HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727' /v 'SchUseStrongCrypto' /f 2>$null"
:: Delete the registry value "HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727!SchUseStrongCrypto"
PowerShell -ExecutionPolicy Unrestricted -Command "reg delete 'HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727' /v 'SchUseStrongCrypto' /f 2>$null"
:: Delete the registry value "HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319!SchUseStrongCrypto"
PowerShell -ExecutionPolicy Unrestricted -Command "reg delete 'HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' /v 'SchUseStrongCrypto' /f 2>$null"
:: Delete the registry value "HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319!SchUseStrongCrypto"
PowerShell -ExecutionPolicy Unrestricted -Command "reg delete 'HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' /v 'SchUseStrongCrypto' /f 2>$null"
:: Suggest restarting computer for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$message = 'For the changes to fully take effect, please restart your computer.'; $warn = $false; if ($warn) { Write-Warning "^""$message"^""; } else { Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"

Support

This website relies on your support.

Support now

Your donation helps keep the project alive and improves its content ❤️.

Share this page: