This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 98%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Hello,
Regarding handling TLS/SSL encryption being used in the Internet Options for Windows 11 machines, I found that the current documentation is outdated (https://admx.help/?Category=InternetExplorer&Policy=Microsoft.Policies.InternetExplorer::Advanced_SetWinInetProtocols). I would like to find the values that would allow TLS 1.0, TLS 1.2, and TLS 1.3 to be enabled together. All values in this documentation do not result to having these enabled.
Thank you.
The value for the wanted combination of protocols is 10880
Thank you, but seems this only sets 1.0 & 1.2, 1.3 is still left unchecked. Is there a pattern or method I can use to figure this out on my own?
Don't know the pattern. I got the value from setting the options and checking the SecureProtocols reg key.
Worked for me after second attempt. Probably some user error on my side, but not sure what I could of done wrong. Thank you!
Glad to help.
For it to select just 1.0 and 1.2, the hex value was set to 10880 and not the decimal
Please remember to mark the reply as answer, so it makes it easier for other users with the same issue to locate the solution. Thank you
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 60%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDW%3C/text%3E%3C/svg%3E)
Here is a page on the topic:
In order to override a system default and set a supported (D)TLS or SSL protocol version to the Enabled state, create a DWORD registry value named "Enabled" with a non-zero value, and a DWORD registry value named "DisabledByDefault" with a value of zero, under the corresponding version-specific subkey.
Here are the version subkeys:
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server
It's also important to note that 1.0 and 1.1 are considered insecure and should not be enabled.
It doesn't seem to impact the machine when adding the keys in HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols. It seems to show when modifying HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings. This is even after a reboot of the system.
My apologies, I misread the question. I see now that you meant TLS settings specifically for Internet Options and not the entire machine. The other answer is definitely what you are looking for which is setting the value to 10880.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 40%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
If anyone ends up here trying to figure out how to enable JUST TLS1.2 and TLS1.3 in Internet Options, this is what you need to set in the registry (at least for Win 11 - I didn't test on anything else).
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols (this should be a ReG_DWORD with a value of 2800)
Computer\HKEY_Current_User\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols (this key doesn't need to exist.... in my case, I had to remove it)