Registering SSP/AP DLLs

After developing a security support provider/authentication package dynamic-link library (SSP/AP DLL) containing one or more custom security packages, you must register it. To do so, add the name of your custom SSP/AP DLL to the data of the following registry value:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Security Packages

The data for this registry value is a list of the names of SSP/AP DLLs, without the ".dll" extension. The data type for this list is REG_MULTI_SZ so there must be a null character ('\0') between each DLL name in the list.

Typically, SSP/AP DLLs are stored in the %systemroot%/system32 directory. If this is the path to your custom SSP/AP DLL then do not include the path as part of the DLL name. If, however, the DLL is in a different path, include the complete path to the DLL in the name.

Each time the system starts, the LSA loads the SSP/AP DLLs in this list and performs the initialization sequence described in LSA-Mode Initialization.

Registering a custom security package as the default TLS SSP

After developing a custom TLS security support provider and registering it as described above, you must also register it as the “default TLS SSP.” To do so, populate the package name of your custom SSP to the data of the following registry value:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Default TLS SSP

The data for this registry value is the package name of SSP, not the dll name. The data type for this is REG_SZ.

User mode applications which use “default TLS SSP” will use the default registered here. Kernel mode applications or user mode applications which use “Microsoft Unified Security Protocol Provider” or other specific TLS SSP names will not be impacted by this change.


This registry information pertains to SSP/AP DLL's only. For information about registering security support providers (SSPs), see Writing and Installing a Security Support Provider. For information about the differences between SSP/AP and SSP DLLs, see SSP/APs vs. SSPs.


Restrictions around Registering and Installing a Security Package