Configure secure protocol options for WinHTTP
Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows 10, Windows 11
This how-to guide shows you how to use the DefaultSecureProtocols
registry entry to choose which protocols for the Windows HTTP Services (WinHTTP).
The DefaultSecureProtocols
registry entry allows you to specify which SSL protocols should be used when the WINHTTP_OPTION_SECURE_PROTOCOLS
flag is used. The setting allows applications that were built to use the WinHTTP default flag to be able to use the newer TLS protocols or prevent older SSL based natively without any need for updates to the application.
Prerequisites
Calculate the value of
DefaultSecureProtocols
with WINHTTP_OPTION_SECURE_PROTOCOLS.Confirm that your account has Administrative rights to the system.
Make sure that PowerShell is installed.
Configure DefaultSecureProtocols
Select which architecture type to add and set the DefaultSecureProtocols
registry entry:
Open an elevated PowerShell prompt.
To create and set the
DefaultSecureProtocols
registry key, run the following command and replace{value}
with theDefaultSecureProtocols
value that you selected from Calculate the value.Get-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp" | New-ItemProperty -Name "DefaultSecureProtocols" -Value "{value}"
Either reboot the machine or restart whichever services are using WinHTTP.
Next steps
- To configure the
DefaultSecureProtocols
registry entry for multiple machines, see Configure a Service Item.
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for