Appendix G: Configure Default Secure Protocols for Microsoft Windows HTTP Services - Perceptive Content Update Guide - Foundation 24.1 - Foundation 24.1 - Ready - Perceptive Content - external

Perceptive Content Update Guide

Platform
Perceptive Content
Product
Perceptive Content Update Guide
Release
Foundation 24.1
License

To specify additional secure protocols for WinHTTP using the DefaultSecureProtocols registry entry, configure the following.

Determine the secure protocols you want to allow and calculate the value of DefaultSecureProtocols registry entry.

The registry value is a DWORD bitmap that specifies which secure protocols are acceptable by default. The value to use is determined by adding the values corresponding to the protocols desired.

DefaultSecureProtocols Description
0x00000008 The SSL 2.0 protocol can be used by default.
0x00000020 The SSL 3.0 protocol can be used by default.
0x00000080 The TLS 1.0 protocol can be used by default.
0x00000200 The TLS 1.1 protocol can be used by default.
0x00000800 The TLS 1.2 protocol can be used by default.
0x00002000 The TLS 1.3 protocol can be used by default.

For example, if you want to override the default values for WINHTTP_OPTION_SECURE_PROTOCOLS to specify TLS 1.1 and TLS 1.2, take the value for TLS 1.1 (0x00000200) and the value for TLS 1.2 (0x00000800), add them together in a calculator (in programmer mode), and the resulting registry value would be 0x00000A00.

  • Using a tool such as the Windows Registry Editor or PowerShell, create or modify the DefaultSecureProtocols registry entry using the calculated value:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

  • On x64-based computers, you must also configure DefaultSecureProtocols registry entry on the Wow6432Node registry path using the calculated value:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp