The value for the wanted combination of protocols is 10880
TLS 1.3 - GPO/Registry Modification
Hello,
Regarding handling TLS/SSL encryption being used in the Internet Options for Windows 11 machines, I found that the current documentation is outdated (https://admx.help/?Category=InternetExplorer&Policy=Microsoft.Policies.InternetExplorer::Advanced_SetWinInetProtocols). I would like to find the values that would allow TLS 1.0, TLS 1.2, and TLS 1.3 to be enabled together. All values in this documentation do not result to having these enabled.
Thank you.
1 additional answer
Sort by: Most helpful
-
Dave Woolsey 256 Reputation points
2022-08-18T20:39:38.727+00:00 Here is a page on the topic:
In order to override a system default and set a supported (D)TLS or SSL protocol version to the Enabled state, create a DWORD registry value named "Enabled" with a non-zero value, and a DWORD registry value named "DisabledByDefault" with a value of zero, under the corresponding version-specific subkey.
Here are the version subkeys:
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\ClientHKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\ServerIt's also important to note that 1.0 and 1.1 are considered insecure and should not be enabled.