Configure secure protocol options for WinHTTP
Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows 10, Windows 11
This how-to guide shows you how to use the DefaultSecureProtocols registry entry to choose which protocols for the Windows HTTP Services (WinHTTP).
The DefaultSecureProtocols registry entry allows you to specify which SSL protocols should be used when the WINHTTP_OPTION_SECURE_PROTOCOLS flag is used. The setting allows applications that were built to use the WinHTTP default flag to be able to use the newer TLS protocols or prevent older SSL based natively without any need for updates to the application.
Prerequisites
Calculate the value of
DefaultSecureProtocolswith WINHTTP_OPTION_SECURE_PROTOCOLS.Confirm that your account has Administrative rights to the system.
Make sure that PowerShell is installed.
Configure DefaultSecureProtocols
Select which architecture type to add and set the DefaultSecureProtocols registry entry:
Open an elevated PowerShell prompt.
To create and set the
DefaultSecureProtocolsregistry key, run the following command and replace{value}with theDefaultSecureProtocolsvalue that you selected from Calculate the value.Get-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp" | New-ItemProperty -Name "DefaultSecureProtocols" -Value "{value}"Either reboot the machine or restart whichever services are using WinHTTP.
Next steps
- To configure the
DefaultSecureProtocolsregistry entry for multiple machines, see Configure a Service Item.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for