Objective 

• Strengthen HTTPS communication security.
• Prevent vulnerabilities such as downgrade attacks.
• Comply with regulatory frameworks like the PCI DSS, HIPAA, and NIST.

Prerequisite 

• Administrative privileges in ADSelfService Plus.

Steps to disable older TLS versions in ADSelfService Plus

1. Log in to the ADSelfService Plus admin console.
2. Navigate to Admin > Product Settings > Connection.
3. Click Advanced Settings to expand additional configuration options.
4. In the TLS Versions drop-down, deselect the check boxes next to TLSv1 and TLSv1.1.
5. Click Save to apply the settings.
6. Restart the service manually via services.msc for the changes to take effect.

Validation and confirmation  

• Access the portal: After restarting the server, access ADSelfService Plus via HTTPS (https: //<hostname>:9251). Ensure the site loads successfully.
• Verify using tools: Use browser developer tools (Security tab in Chrome or Firefox) or online tools such as SSL Labs SSL Test to verify the following:
• TLS 1.0 and TLS 1.1 are not supported.
• TLS 1.2 or higher is enabled and negotiated during SSL handshakes.

Tips 

• Ensure all browsers, client machines, and integrated applications that connect to ADSelfService Plus support TLS 1.2 or above before disabling older versions.
• Disabling legacy protocols will help your environment pass security audits and reduce attack surface.

How to reach support