Question: Why does the Centrify connector keep enabling TLS 1.1?
Answer: The connector has generic support for TLS and enabling TLS 1.1 doesn't cause it be used, only supported if needed.
To disable the automatic enabling of TLS 1.1, create a string registry setting for the connector:
Value: TLS 1.1
Note the space in the value, between 'TLS' and '1.1'
Shutdown and restart the connector (may need to reboot the host).
Disable the TLS 1.1 protocol registry settings (under HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1)
The connector should no longer change the TLS 1.1 protocol settings.
Note: The connector always uses TLS 1.2 if the remote host supports TLS 1.2. TLS 1.1 will be removed once it is no longer supported.