We are deploying TLS 1.3 as a required protocol as well as disabling TLS 1.1, on the 1909 version of software.
We are doing this via Registry Keys:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client DisabledByDefault == 0x1
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server DisabledByDefault == 0x1
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client Enabled == 0x0
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server Enabled == 0x0
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client DisabledByDefault == 0x0
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server DisabledByDefault == 0x0
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client Enabled == 0x1
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server Enabled == 0x1
It follows that we need to control the DefaultSecureProtocols keys as well.
The docs list the following values and how to calculate complex values by adding the hex values.
Can we assume that TLS 1.3 follows the same pattern? e.g.
We would set this on the following keys to only allow TLS 1.2 and TLS 1.3
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp DefaultSecureProtocols == 0x2800
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp DefaultSecureProtocols == 0x2800
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings SecureProtocols == 0x2800
Thanks for any clarification you can give. I cannot find this on the Docs site or developer pages, but I could be wrong.
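To check the arithmetic in the question on a live machine, the read-only PowerShell script below decodes the three values into protocol names and compares them with the TLS 1.2 + TLS 1.3 policy. It is an added example, not part of the original thread; the flag values are the WINHTTP_FLAG_SECURE_PROTOCOL_* constants from winhttp.h (TLS 1.3 = 0x2000), and applying the same bit layout to the Internet Settings SecureProtocols value is an assumption carried over from the question.

```powershell
# Added example: read-only audit, changes nothing in the registry.
# Flag values: WINHTTP_FLAG_SECURE_PROTOCOL_* from winhttp.h.
$ProtocolFlags = [ordered]@{
    'SSL 2.0' = 0x00000008
    'SSL 3.0' = 0x00000020
    'TLS 1.0' = 0x00000080
    'TLS 1.1' = 0x00000200
    'TLS 1.2' = 0x00000800
    'TLS 1.3' = 0x00002000
}
$Allowed = 'TLS 1.2', 'TLS 1.3'   # policy stated in the question (0x800 + 0x2000 = 0x2800)

function ConvertFrom-SecureProtocols {
    param([Parameter(Mandatory)][long]$Value)
    # Collect every protocol whose bit is set in the mask.
    $names = @(foreach ($p in $ProtocolFlags.GetEnumerator()) {
        if ($Value -band $p.Value) { $p.Key }
    })
    $known = 0
    foreach ($v in $ProtocolFlags.Values) { $known = $known -bor $v }
    [pscustomobject]@{
        Hex         = '0x{0:X}' -f $Value
        Protocols   = $names
        Unexpected  = @($names   | Where-Object { $_ -notin $Allowed })  # legacy protocols still on
        Missing     = @($Allowed | Where-Object { $_ -notin $names })    # required protocols off
        UnknownBits = '0x{0:X}' -f ($Value -band (-bnot $known))
    }
}

# The three locations listed in the question.
$Targets = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'; Name = 'DefaultSecureProtocols' }
    @{ Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'; Name = 'DefaultSecureProtocols' }
    # Assumption: SecureProtocols uses the same bit layout, as the question does.
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'; Name = 'SecureProtocols' }
)

foreach ($t in $Targets) {
    $item = Get-ItemProperty -Path $t.Path -Name $t.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Output "$($t.Path) $($t.Name): not set (OS default applies)"
        continue
    }
    $r = ConvertFrom-SecureProtocols -Value $item.($t.Name)
    Write-Output ("{0} {1} = {2} -> [{3}] unexpected: [{4}] missing: [{5}] unknown bits: {6}" -f
        $t.Path, $t.Name, $r.Hex, ($r.Protocols -join ', '),
        ($r.Unexpected -join ', '), ($r.Missing -join ', '), $r.UnknownBits)
}
```

A value of 0x800 decodes to TLS 1.2 only and reports TLS 1.3 as missing, while 0x2800 decodes to TLS 1.2 and TLS 1.3 with nothing unexpected.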
I had previously set my machine for WinHTTP TLS 1.2 only and about 2 days ago started getting logon failures for OneDrive.
I had to update the value to 0x2800 and it started working again.
This is very relevant
Hi,
Based on my understanding, TLS 1.3 is enabled by default in WinHttp. You don't need to set the DefaultSecureProtocols keys for TLS 1.3.
Best Regards,
Candy
Hi @Jason Kowalczyk,
See if the following articles can help you:
Microsoft TLS 1.3 Support Reference
Taking Transport Layer Security (TLS) to the next level with TLS 1.3
Best Regards,
Candy