Windows 10: Windows 10 TLS 1.3 Enablement Registry keys

Discus and support Windows 10 TLS 1.3 Enablement Registry keys in AntiVirus, Firewalls and System Security to solve the problem; We are deploying TLS 1.3 as a required protocol as well as Disabling TLS 1.1. On the 1909 version of software. We are doing this via Registry Keys:... Discussion in 'AntiVirus, Firewalls and System Security' started by JasonKowalczyk, Apr 7, 2021.

  1. JASONKOWALCZYK
    JasonKowalczyk Win User

    Windows 10 TLS 1.3 Enablement Registry keys


    We are deploying TLS 1.3 as a required protocol as well as Disabling TLS 1.1. On the 1909 version of software.


    We are doing this via Registry Keys:


    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client DisablebyDefault == 0x1

    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server DisablebyDefault == 0x1

    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client Enabled == 0x0

    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server Enabled == 0x0


    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client DisablebyDefault == 0x0

    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server DisablebyDefault == 0x0

    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client Enabled == 0x0

    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server Enabled == 0x0


    It follows that we need to control the DefaultSecureProtocols keys as well.


    The docs lists the following values and how to calculate complex values by adding the Hex Values


    ## 0x00000008 Enable SSL 2.0 by default

    ## 0x00000020 Enable SSL 3.0 by default

    ## 0x00000080 Enable TLS 1.0 by default

    ## 0x00000200 Enable TLS 1.1 by default

    ## 0x00000800 Enable TLS 1.2 by default


    Can we assume that TLS 1.3 follows the same pattern? e.g.

    [COLOR=rgba215, 57, 0, 1]## 0x00002000[/COLOR] [COLOR=rgba215, 57, 0, 1]Enable TLS 1.3 by default[/COLOR]


    We would set this on the following keys to only allow TLS 1.2 and TLS 1.3


    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp DefaultSecureProtocols == 0x2800

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp DefaultSecureProtocols == 0x2800
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings SecureProtocols == 0x2800

    Thanks for any clarification you can give, I can not find this on the Docs site or developer pages, but I could be wrong.


    Reference: SUPPORT SITE

    :)
     
    JasonKowalczyk, Apr 7, 2021
    #1
  2. CURATIA
    curatia Win User

    Microsoft Edge TLS Security

    After trying everything (not a lot of steps) listed in the Microsoft Edge support site, I did a wider search and found this very simple youtube video that fixed it immediately:

    For those who prefer not to click links the steps are simple:

    1. Click in the Cortana search bar next to the Win 10 Start button

    2. Type internet options

    3. Select internet options (control panel) from the list

    4. Click on the advanced tab

    5. Scroll down to the security section

    6. Make sure the following are all clicked:
    Use SSL 3.0
    Use TLS 1.0
    Use TLS 1.1
    Use TLS 1.2

    7. Click apply

    8. Refresh the page that was giving the error and it should now connect.

    Hope this helps, it was a 30 second fix after hours of pounding my head against the error with the Support site suggestions.
     
    curatia, Apr 7, 2021
    #2
  3. MALA_S
    Mala_S Win User
    TLS 1.1 AND TLS 1.2 are gray out

    Hi,

    Thank you for writing to Microsoft Community forum.

    As per the TLS-SSL Settings article, for TLS 1.1 and 1.2 to be enabled and negotiated, you MUST create the
    DisabledByDefault entry in the appropriate sub key (Client) and set it to
    0. These sub keys will not be created in the registry since these protocols are disabled by default.

    Create the necessary sub keys for TLS 1.1 and 1.2, create the DisabledByDefault
    DWORD values and set it to 0 in the following locations.

    Type Regedit in Start menu or taskbar search box and then press Enter key. Click
    Yes button when you see the User Account Control dialog. In the Registry Editor, navigate to the following key:

    For TLS 1.1:

    • Go to the Registry location -HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
    • On the right-side, right-click on the empty space, click New, click
      DWORD (32-bit) Value, and name it as DisabledByDefault.
    • Finally, double-click on
      DisabledByDefault, and set its value data to 0.

    For TLS 1.2:

    • Go to the Registry location - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
    • On the right-side, right-click on the empty space, click New, click
      DWORD (32-bit) Value, and name it as DisabledByDefault.
    • Finally, double-click on
      DisabledByDefault, and set its value data to 0.


    Registry Disclaimer: The registry is a database in Windows that contains important information about system hardware, installed programs and settings, and profiles of each of the user accounts on the computer. Windows often reads
    and updates the information in the registry.

    Normally, software programs make registry changes automatically. You should not make unnecessary changes to the registry. Changing registry files incorrectly can cause Windows to stop working or make Windows report the wrong information.

    Please take a backup of the registry. Follow the steps given in the link below:

    Link: How to back up and restore the registry in Windows

    Regards,

    Mala.S

    Microsoft Community
     
    Mala_S, Apr 7, 2021
    #3
  4. ANGELCARRENO
    AngelCarreno Win User

    Windows 10 TLS 1.3 Enablement Registry keys

    TLS 1.2

    Hi,

    My name is Angel. I am an Independent Advisor. Thank you for posting in Microsoft Community.

    To update to TLS 1.2 follow this instructions:

    1. From Notepad.exe, create a text file named TLS12-Enable.reg.

    2. Copy and paste the following text into the file.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]

    "DisabledByDefault"=dword:00000000

    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]

    "DisabledByDefault"=dword:00000000

    "Enabled"=dword:00000001

    1. Save TLS12-Enable.reg.

    2. Double-click the TLS12-Enable.reg file.

    3. Click Yes to update your Windows Registry with these changes.

    4. Restart the machine for the changes to take effect.

    Registry disclaimer

    To do so: Important this section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection,
    back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

    How to back up and restore the registry in Windows

    How to back up and restore the registry in Windows

    Hope the information provided is useful. If the issue persists, reply here and we will be glad to help you.

    Angel.
     
    AngelCarreno, Apr 7, 2021
    #4
Thema:

Windows 10 TLS 1.3 Enablement Registry keys

Loading...

  1. Windows 10 TLS 1.3 Enablement Registry keys - Similar Threads - TLS Enablement Registry

  2. How to enable disabled Home Key from Registry

    in Windows 10 Software and Apps
    How to enable disabled Home Key from Registry: Hi, I have disabled home keyboard for some reason from here and I want to enable it back. I didnt back up my registry. So is there any ways to enable the key from registry?...

  3. How to enable disabled Home Key from Registry

    in Windows 10 Gaming
    How to enable disabled Home Key from Registry: Hi, I have disabled home keyboard for some reason from here and I want to enable it back. I didnt back up my registry. So is there any ways to enable the key from registry?...

  4. Windows 10 Registry Key Reference

    in Windows 10 Customization
    Windows 10 Registry Key Reference: I was reviewing registry keys for Windows 10 and am wondering if a reference document exists.More specifically, I am trying to determine the below.- The exact purpose of the Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\WcmSvc\Tethering\Roaming\Devices\-MACAddress- registry...

  5. Windows 10 Registry Key Reference

    in Windows 10 Software and Apps
    Windows 10 Registry Key Reference: I was reviewing registry keys for Windows 10 and am wondering if a reference document exists.More specifically, I am trying to determine the below.- The exact purpose of the Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\WcmSvc\Tethering\Roaming\Devices\-MACAddress- registry...

  6. TLS 1.3 enabled by default in latest Windows 10 builds

    in Windows 10 News
    TLS 1.3 enabled by default in latest Windows 10 builds: Microsoft announced this week that it enabled TLS 1.3, the latest version of the security protocol, in the latest Windows 10 builds starting with build 20170. The company notes that TLS 1.3 is enabled by default in IIS/HTTP.SYS, and that Microsoft Edge Legacy and Internet...

  7. How to enable TLS 1.1 or TLS 1.2 in Chrome?

    in Windows 10 Network and Sharing
    How to enable TLS 1.1 or TLS 1.2 in Chrome?: Hi, I keep getting an error message from my provider's website to enable TLS 1.1 or TLS 1.2 so I can check my health record. I tried all available options that were found in your get help section and from google. However, I was able to enable it in internet explorer, I...

  8. Registry key to identify if Windows Hello Biometric is enabled

    in Windows Hello & Lockscreen
    Registry key to identify if Windows Hello Biometric is enabled: Is there a regkey that we can refer to check if user has windows hello biometric is setup on a device. ***Original title: Window hello status on windows 10 devices***...

  9. Registry keys registry keys

    in Windows 10 Customization
    Registry keys registry keys: Where can I customize the file type/extension icon? John 137822

  10. enable system restore registry key

    in Windows 10 Installation and Upgrade
    enable system restore registry key: Do someone know if it is posible to enable system restore with registry key in windows 10 ?? https://answers.microsoft.com/en-us/windows/forum/all/enable-system-restore-registry-key/9e34679f-12cd-4433-8750-3bdce6f7f360

Users found this page by searching for:

  1. defaultsecureprotocols tls 1.3

    ,

  2. tls 1.3 in windows 10

    ,

  3. how to disable TLS 1.3

    ,
  4. how to enable TLS 1.3 in the server