Windows 10: Windows 10 TLS 1.3 Enablement Registry keys

Discus and support Windows 10 TLS 1.3 Enablement Registry keys in AntiVirus, Firewalls and System Security to solve the problem; We are deploying TLS 1.3 as a required protocol as well as Disabling TLS 1.1. On the 1909 version of software. We are doing this via Registry Keys:... Discussion in 'AntiVirus, Firewalls and System Security' started by JasonKowalczyk, Apr 7, 2021.

  1. Windows 10 TLS 1.3 Enablement Registry keys


    We are deploying TLS 1.3 as a required protocol as well as Disabling TLS 1.1. On the 1909 version of software.


    We are doing this via Registry Keys:


    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client DisablebyDefault == 0x1

    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server DisablebyDefault == 0x1

    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client Enabled == 0x0

    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server Enabled == 0x0


    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client DisablebyDefault == 0x0

    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server DisablebyDefault == 0x0

    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client Enabled == 0x0

    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server Enabled == 0x0


    It follows that we need to control the DefaultSecureProtocols keys as well.


    The docs lists the following values and how to calculate complex values by adding the Hex Values


    ## 0x00000008 Enable SSL 2.0 by default

    ## 0x00000020 Enable SSL 3.0 by default

    ## 0x00000080 Enable TLS 1.0 by default

    ## 0x00000200 Enable TLS 1.1 by default

    ## 0x00000800 Enable TLS 1.2 by default


    Can we assume that TLS 1.3 follows the same pattern? e.g.

    [COLOR=rgba215, 57, 0, 1]## 0x00002000[/COLOR] [COLOR=rgba215, 57, 0, 1]Enable TLS 1.3 by default[/COLOR]


    We would set this on the following keys to only allow TLS 1.2 and TLS 1.3


    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp DefaultSecureProtocols == 0x2800

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp DefaultSecureProtocols == 0x2800
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings SecureProtocols == 0x2800

    Thanks for any clarification you can give, I can not find this on the Docs site or developer pages, but I could be wrong.


    Reference: SUPPORT SITE

    :)
     
    JasonKowalczyk, Apr 7, 2021
    #1
  2. curatia Win User

    Microsoft Edge TLS Security

    After trying everything (not a lot of steps) listed in the Microsoft Edge support site, I did a wider search and found this very simple youtube video that fixed it immediately:

    For those who prefer not to click links the steps are simple:

    1. Click in the Cortana search bar next to the Win 10 Start button

    2. Type internet options

    3. Select internet options (control panel) from the list

    4. Click on the advanced tab

    5. Scroll down to the security section

    6. Make sure the following are all clicked:
    Use SSL 3.0
    Use TLS 1.0
    Use TLS 1.1
    Use TLS 1.2

    7. Click apply

    8. Refresh the page that was giving the error and it should now connect.

    Hope this helps, it was a 30 second fix after hours of pounding my head against the error with the Support site suggestions.
     
    curatia, Apr 7, 2021
    #2
  3. Mala_S Win User
    TLS 1.1 AND TLS 1.2 are gray out

    Hi,

    Thank you for writing to Microsoft Community forum.

    As per the TLS-SSL Settings article, for TLS 1.1 and 1.2 to be enabled and negotiated, you MUST create the
    DisabledByDefault entry in the appropriate sub key (Client) and set it to
    0. These sub keys will not be created in the registry since these protocols are disabled by default.

    Create the necessary sub keys for TLS 1.1 and 1.2, create the DisabledByDefault
    DWORD values and set it to 0 in the following locations.

    Type Regedit in Start menu or taskbar search box and then press Enter key. Click
    Yes button when you see the User Account Control dialog. In the Registry Editor, navigate to the following key:

    For TLS 1.1:

    • Go to the Registry location -HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
    • On the right-side, right-click on the empty space, click New, click
      DWORD (32-bit) Value, and name it as DisabledByDefault.
    • Finally, double-click on
      DisabledByDefault, and set its value data to 0.

    For TLS 1.2:

    • Go to the Registry location - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
    • On the right-side, right-click on the empty space, click New, click
      DWORD (32-bit) Value, and name it as DisabledByDefault.
    • Finally, double-click on
      DisabledByDefault, and set its value data to 0.


    Registry Disclaimer: The registry is a database in Windows that contains important information about system hardware, installed programs and settings, and profiles of each of the user accounts on the computer. Windows often reads
    and updates the information in the registry.

    Normally, software programs make registry changes automatically. You should not make unnecessary changes to the registry. Changing registry files incorrectly can cause Windows to stop working or make Windows report the wrong information.

    Please take a backup of the registry. Follow the steps given in the link below:

    Link: How to back up and restore the registry in Windows

    Regards,

    Mala.S

    Microsoft Community
     
    Mala_S, Apr 7, 2021
    #3
  4. Windows 10 TLS 1.3 Enablement Registry keys

    TLS 1.2

    Hi,

    My name is Angel. I am an Independent Advisor. Thank you for posting in Microsoft Community.

    To update to TLS 1.2 follow this instructions:

    1. From Notepad.exe, create a text file named TLS12-Enable.reg.

    2. Copy and paste the following text into the file.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]

    "DisabledByDefault"=dword:00000000

    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]

    "DisabledByDefault"=dword:00000000

    "Enabled"=dword:00000001

    1. Save TLS12-Enable.reg.

    2. Double-click the TLS12-Enable.reg file.

    3. Click Yes to update your Windows Registry with these changes.

    4. Restart the machine for the changes to take effect.

    Registry disclaimer

    To do so: Important this section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection,
    back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

    How to back up and restore the registry in Windows

    How to back up and restore the registry in Windows

    Hope the information provided is useful. If the issue persists, reply here and we will be glad to help you.

    Angel.
     
    AngelCarreno, Apr 7, 2021
    #4
Thema:

Windows 10 TLS 1.3 Enablement Registry keys

Loading...
  1. Windows 10 TLS 1.3 Enablement Registry keys - Similar Threads - TLS Enablement Registry

  2. Windows 10 Registry Key Question

    in Windows 10 Customization
    Windows 10 Registry Key Question: Hello to the Microsoft Community, I stumbled across something I would like to ask the community about. I was poking around the registry on one of my two workstations and saw something that may be nothing at all, but it's the first time I have seen registry keys like this....
  3. "Display only on 1" in Registry

    in Windows 10 Support
    "Display only on 1" in Registry: Hello ! By default Windows 10 display is set to "Duplicate display" but I would like it's set to "Display only on 1" at startup. Does anyone know the key corresponding in Registry? 172681
  4. TLS 1.3 enabled by default in latest Windows 10 builds

    in Windows 10 News
    TLS 1.3 enabled by default in latest Windows 10 builds: Microsoft announced this week that it enabled TLS 1.3, the latest version of the security protocol, in the latest Windows 10 builds starting with build 20170. The company notes that TLS 1.3 is enabled by default in IIS/HTTP.SYS, and that Microsoft Edge Legacy and Internet...
  5. How to enable TLS 1.1 or TLS 1.2 in Chrome?

    in Windows 10 Network and Sharing
    How to enable TLS 1.1 or TLS 1.2 in Chrome?: Hi, I keep getting an error message from my provider's website to enable TLS 1.1 or TLS 1.2 so I can check my health record. I tried all available options that were found in your get help section and from google. However, I was able to enable it in internet explorer, I...
  6. Windows 10 windowslogon registry key

    in Windows 10 Customization
    Windows 10 windowslogon registry key: I turned on this key to play a sound at logon. After I re-booted and logged in I got an error message saying that the SEN service was not started. Is there a bug in Windows 10?...
  7. Windows 10 update 3/1/2020

    in Windows 10 Installation and Upgrade
    Windows 10 update 3/1/2020: The latest update caused my computer not to work. After I log in its a black screen with a cursor and a small window that says personalized settings. That's it. If someone has information about this that would be great. Right now I'm trying to reset Windows and keep my...
  8. Registry key to identify if Windows Hello Biometric is enabled

    in Windows Hello & Lockscreen
    Registry key to identify if Windows Hello Biometric is enabled: Is there a regkey that we can refer to check if user has windows hello biometric is setup on a device. ***Original title: Window hello status on windows 10 devices***...
  9. Registry keys registry keys

    in Windows 10 Customization
    Registry keys registry keys: Where can I customize the file type/extension icon? John 137822
  10. enable system restore registry key

    in Windows 10 Installation and Upgrade
    enable system restore registry key: Do someone know if it is posible to enable system restore with registry key in windows 10 ?? https://answers.microsoft.com/en-us/windows/forum/all/enable-system-restore-registry-key/9e34679f-12cd-4433-8750-3bdce6f7f360