Disable insecure renegotiation
Overview
This script improves your privacy on Windows.
These changes use Windows system commands to update your settings.
This script enhances your security by reducing risks associated with secure communications. By running this script, you proactively enhance your online privacy and secure against well-known TLS vulnerabilities.
TLS secures internet communications. It allows parties such as browsers and websites to update their encryption settings through renegotiation 2. Without safeguards, attackers could intercept and compromise these communications 1 2 3 4 5 6.
Insecure renegotiation can let attackers hijack communications from the start, enabling unauthorized control 1, data manipulation 3 6, DoS attacks 3, and identity spoofing 4 5 6.
To counter these threats, this script implements measures standardized in RFC 5746 1 2, effectively closing the loophole that allowed these vulnerabilities.
This script enhances security by blocking insecure renegotiation attempts and aims to improve compatibility with older software. It modifies the following system settings to achieve this:
HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL!AllowInsecureRenegoClients
1 3: Stops the client from responding to insecure renegotiation attempts 1 3.HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL!AllowInsecureRenegoServers
1 3: Stops the server from responding to insecure renegotiation attempts 1 3.HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL!DisableRenegoOnClient
3 4: Prevents the client from initiating or responding to insecure renegotiation requests 3 4.HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL!DisableRenegoOnServer
3 4: Prevents the server from initiating or responding to insecure renegotiation requests 3 4.HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL!UseScsvForTls
1: Enhances compatibility with older software, preventing potential communication issues 1.
This script may impact the functionality of software using outdated and insecure communication methods 3. Affected software includes older versions of:
This may cause compatibility issues with older devices or software.
This script uses Batch (batchfile) scripting language.
This script is only recommended if you understand its implications. Some non-critical or features may no longer function correctly after running this script.
Implementation Details
-
Language: batch
-
Required Privileges: Administrator rights
-
Compatibility: Windows only
-
Reversibility: Can be undone using provided revert script
Explore Categories
- Disable insecure connections
- Improve network security
- Security improvements
This action belongs to Disable insecure connections category. This category includes scripts designed to enhance users' security and privacy by disabling outdated or vulnerable connections across the system. It safeguards data against interception, unauthorized access, and attacks that exploit outdated technology vulnerabilities, including... Read more on category page ▶
This action belongs to Improve network security category. This category is dedicated to improving network security. It aims to minimize vulnerabilities by offering various settings that improve the integrity and confidentiality of data transmitted over the network. It features a range of measures to protect data transmission from unauthorized access,... Read more on category page ▶
This action belongs to Security improvements category. This category encompasses a range of scripts designed to improve the security of your system by enforcing security best practices. These scripts help protect your system against various types of cyber threats and unauthorized access. Read more on category page ▶
Apply now
Choose one of three ways to apply:
- Automatically via privacy.sexy: The easiest and safest option.
- Manually by downloading: Requires downloading a file.
- Manually by copying: Advanced flexibility.
Alternative 1. Apply with Privacy.sexy
privacy.sexy is free and open-source application that lets securely apply this action easily.
You can fully restore this action (revert back to the original behavior) using the application.
privacy.sexy instructions
- Open or download the desktop application
- Search for the script name:
Disable insecure renegotiation
. - Check the script by clicking on the checkbox.
- Click on Run button at the bottom of the page.
Alternative 2. Download
This script is irreversible, meaning there is no straightforward method to restore changes once applied. Exercise caution before running, restoring it may not be possible.
-
Download the script file by clicking on the button below:
-
Run the script file by clicking on it.
Download revert script
This file restores your system to its original state, before this script is applied.
Alternative 3. Copy
This is for advanced users. Consider automatically applying or downloading the script for simpler way.
- Open Command Prompt as administrator.
HELP: Step-by-step guide
-
Click on Start menu
- Windows 11
- Windows 10
-
Type cmd
- Windows 11
- Windows 10
-
Right click on Command Prompt select Run as administrator
- Windows 11
- Windows 10
-
Click on Yes to run Command Prompt
- Windows 11
- Windows 10
- Windows 11
- Windows 10
- Copy the following code:
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL!AllowInsecureRenegoClients"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'; $data = '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' /v 'AllowInsecureRenegoClients' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL!AllowInsecureRenegoServers"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'; $data = '0'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' /v 'AllowInsecureRenegoServers' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL!DisableRenegoOnServer"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'; $data = '1'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' /v 'DisableRenegoOnServer' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL!DisableRenegoOnClient"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'; $data = '1'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' /v 'DisableRenegoOnClient' /t 'REG_DWORD' /d "^""$data"^"" /f"
:: Set the registry value: "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL!UseScsvForTls"
PowerShell -ExecutionPolicy Unrestricted -Command "$registryPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'; $data = '1'; reg add 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' /v 'UseScsvForTls' /t 'REG_DWORD' /d "^""$data"^"" /f"
- Right click on command prompt to paste it.
- Press Enter to apply remaining code.
Copy restore code
Copy and run the following code to restore changes:
:: Delete the registry value "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL!AllowInsecureRenegoClients"
PowerShell -ExecutionPolicy Unrestricted -Command "reg delete 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' /v 'AllowInsecureRenegoClients' /f 2>$null"
:: Delete the registry value "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL!AllowInsecureRenegoServers"
PowerShell -ExecutionPolicy Unrestricted -Command "reg delete 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' /v 'AllowInsecureRenegoServers' /f 2>$null"
:: Delete the registry value "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL!DisableRenegoOnServer"
PowerShell -ExecutionPolicy Unrestricted -Command "reg delete 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' /v 'DisableRenegoOnServer' /f 2>$null"
:: Delete the registry value "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL!DisableRenegoOnClient"
PowerShell -ExecutionPolicy Unrestricted -Command "reg delete 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' /v 'DisableRenegoOnClient' /f 2>$null"
:: Delete the registry value "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL!UseScsvForTls"
PowerShell -ExecutionPolicy Unrestricted -Command "reg delete 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' /v 'UseScsvForTls' /f 2>$null"
Support
This website relies on your support.
Your donation helps keep the project alive and improves its content ❤️.
Share this page: