Mind the appropriate product version for your OS. You can do that using Windows Update, since it’s available as an optional update, or manually download it from the official website (here).
The first thing to do is to download and install the Windows KB3140245. Here’s a small guide explaining how you can do that. We can fix this by telling your OS to never use TLS 1.0 anymore, and stick with TLS 1.1 and 1.2 by default. However, if you’re still using Windows 7 or Windows 8, you might have to perform some manual tasks in order to get rid of that outdated TLS version. But, always install the OS updates through the official channels. This issue doesn’t affect Windows 10 users. To justify, let’s just name the threebiggest attacks that managed to exploit the various TLS 1.0 vulnerabilities discovered within 20: BEAST, Heartbleedand POODLE. TLS version 1.0 is not safe anymore and should be disabled. The resulting registry value would be 0x00000A00.How To Enable TLS 1.1 & TLS 1.2 In Windows 7 and 8 The following values are currently supported in this update.įor example, to override the default values for WINHTTP_OPTION_SECURE_PROTOCOLS to specify TLS 1.1 and TLS 1.2, add the value for TLS 1.1 (0x00000200) and the value for TLS 1.2 (0x00000800). To determine the value to use, add the values that corresponds to the desired protocols. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp The DefaultSecureProtocols registry entry can be added in the following path: If the registry entry doesn't exist, WinHTTP uses the existing operating system defaults for WINHTTP_OPTION_SECURE_PROTOCOLS HTTP. If the entry exists, the system overrides the default protocols that are specified by WINHTTP_OPTION_SECURE_PROTOCOLS by using the protocols that are specified in the registry entry.
When an application specifies WINHTTP_OPTION_SECURE_PROTOCOLS, the system checks for the DefaultSecureProtocols registry entry. Microsoft cannot guarantee that these problems can be solved. These problems might require that you reinstall the operating system. Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method.
This update does not replace a previously released update. You may have to restart the computer after you apply this update. There are no prerequisites to install this update on Windows Embedded POSReady 2009 or Windows Embedded Standard 2009.Īfter you apply this update, see the "More information" section about the changes you have to make to the registry.
To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
For more information about how to get security updates automatically, see Windows Update: FAQ. When you turn on automatic updating, this update will be downloaded and installed automatically. This update is available through Windows Update. How to obtain the update Method 1: Windows Update This update enables the system administrator to specify TLS 1.1 or TLS 1.2 when the WINHTTP_OPTION_SECURE_PROTOCOLS flag is used on Windows Embedded POSReady 2009 and Windows Embedded Standard 2009. Less SummaryĪpplications and services that are written by using WinHTTP for Secure Sockets Layer (SSL) connections that use the WINHTTP_OPTION_SECURE_PROTOCOLS flag can't use TLS 1.1 or TLS 1.2 protocols. Windows Embedded POSReady 2009 Windows Embedded Standard 2009 More.