Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows
The DefaultSecureProtocols registry entry can be added in the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
On x64-based computers, DefaultSecureProtocols must also be added to the Wow6432Node path:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
The registry value is a DWORD bitmap. The value to use is determined by adding the values corresponding to the protocols desired.
|
DefaultSecureProtocols Value |
Protocol enabled |
|---|---|
|
0x00000008 |
Enable SSL 2.0 by default |
|
0x00000020 |
Enable SSL 3.0 by default |
|
0x00000080 |
Enable TLS 1.0 by default |
|
0x00000200 |
Enable TLS 1.1 by default |
|
0x00000800 |
Enable TLS 1.2 by default |
For example:
The administrator wants to override the default values for WINHTTP_OPTION_SECURE_PROTOCOLS to specify TLS 1.1 and TLS 1.2.
Take the value for TLS 1.1 (0x00000200) and the value for TLS 1.2 (0x00000800), then add them together in calculator (in programmer mode), and the resulting registry value would be 0x00000A00.
Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows