Upgrade Your Windows Server Outbound Connections to TLS 1.3

Author: Kevin Attard Compagno, Partner Communications Manager, 3CX
Posted on: February 26th, 2026

Secure your Windows Servers’ outbound HTTPS connections by configuring them to use modern protocols and ciphers. By default, Windows Servers may still attempt to initiate connections using TLS 1.0, which is now considered outdated and insecure.

Why TLS 1.0 Is Insecure

TLS 1.0 can negotiate cryptographic protocols that are weak by today’s standards, such as SHA-1. Many modern services may reject TLS 1.0 connections entirely to enforce secure communications. Continuing to allow TLS 1.0 for outbound connections exposes your server to potential vulnerabilities and connection failures.

How to Disable TLS 1.0

You can disable TLS 1.0 for outbound client connections by updating the Windows Registry. Run the following commands from a PowerShell session with administrative privileges:

After applying these changes, a server reboot may be required for the new settings to take effect.

⚠️ Registry Modifications – Proceed With Caution

Editing the Windows Registry carries inherent risks. Incorrect modifications can lead to irreversible system errors or even prevent the server from booting. These steps are intended for advanced users and should be performed carefully.

Recommended precautions:

• Backup: Export the relevant registry keys or create a VM snapshot before making changes.

• Test: Apply and validate the changes in a staging environment before deploying to production.

By disabling TLS 1.0 and ensuring your server uses TLS 1.3 for outbound connections, you align with modern security standards and improve compatibility with secure external services.