To specify additional secure protocols for WinHTTP using the DefaultSecureProtocols registry entry, do the following.
- Determine the secure protocols you want to allow and calculate the value of the DefaultSecureProtocols registry entry.
The registry value is a DWORD bitmap that specifies which secure protocols are acceptable by default. The value to use is determined by adding the values corresponding to the protocols desired.
DefaultSecureProtocols | Description |
---|---|
0x00000008 | The SSL 2.0 protocol can be used by default. |
0x00000020 | The SSL 3.0 protocol can be used by default. |
0x00000080 | The TLS 1.0 protocol can be used by default. |
0x00000200 | The TLS 1.1 protocol can be used by default. |
0x00000800 | The TLS 1.2 protocol can be used by default. |
0x00002000 | The TLS 1.3 protocol can be used by default. |
For example, if you want to override the default values for WINHTTP_OPTION_SECURE_PROTOCOLS to specify TLS 1.1 and TLS 1.2, take the value for TLS 1.1 (0x00000200) and the value for TLS 1.2 (0x00000800), add them together in a calculator (in programmer mode), and the resulting registry value would be 0x00000A00.
- Using a tool such as the Windows Registry Editor or PowerShell, create or modify the DefaultSecureProtocols registry entry using the calculated value:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
- On x64-based computers, you must also configure the DefaultSecureProtocols registry entry on the Wow6432Node registry path using the calculated value:
  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
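
The steps above can be scripted. The following PowerShell is an added example, not part of the original documentation: it combines the flag values from the table into the DWORD bitmap and writes it to both registry paths. The function names, the `$ProtocolFlags` table and the protocol name strings are hypothetical, and it assumes an elevated 64-bit PowerShell session (a 32-bit process on x64 Windows has its HKLM\SOFTWARE access redirected to Wow6432Node).

```powershell
# Added example: helper names are hypothetical; flag values are taken from the table above.
$ProtocolFlags = [ordered]@{
    'SSL2.0' = 0x00000008
    'SSL3.0' = 0x00000020
    'TLS1.0' = 0x00000080
    'TLS1.1' = 0x00000200
    'TLS1.2' = 0x00000800
    'TLS1.3' = 0x00002000
}

function Get-DefaultSecureProtocolsValue {
    param([Parameter(Mandatory)][string[]]$Protocol)
    $value = 0
    foreach ($name in $Protocol) {
        if (-not $ProtocolFlags.Contains($name)) {
            throw "Unknown protocol '$name'. Valid names: $($ProtocolFlags.Keys -join ', ')"
        }
        # Bitwise OR rather than addition, so a repeated name cannot double-count a flag.
        $value = $value -bor $ProtocolFlags[$name]
    }
    return $value
}

function Set-DefaultSecureProtocols {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]]$Protocol)
    $value = Get-DefaultSecureProtocolsValue -Protocol $Protocol
    $paths = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp')
    if ([Environment]::Is64BitOperatingSystem) {
        # x64 systems also need the value under the Wow6432Node path.
        $paths += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
    }
    foreach ($path in $paths) {
        if ($PSCmdlet.ShouldProcess($path, ('Set DefaultSecureProtocols = 0x{0:X8}' -f $value))) {
            # Create the key if it is missing, then create or overwrite the DWORD value.
            if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
            New-ItemProperty -Path $path -Name 'DefaultSecureProtocols' -PropertyType DWord -Value $value -Force | Out-Null
        }
    }
}

# Preview the change for TLS 1.1 + TLS 1.2 without writing anything; drop -WhatIf to apply it.
Set-DefaultSecureProtocols -Protocol 'TLS1.1', 'TLS1.2' -WhatIf
```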