| title | description | ms.topic | author | ms.author | ms.date |
|---|---|---|---|---|---|
Configure secure protocol options for Windows HTTP Services (WinHTTP) | This article provides information about how to configure secure protocol options for Windows HTTP Services (WinHTTP). | how-to | robinharwood | roharwoo | 03/27/2024 |
This how-to guide shows you how to use the DefaultSecureProtocols registry entry to choose which protocols for the Windows HTTP Services (WinHTTP).
The DefaultSecureProtocols registry entry allows you to specify which SSL protocols should be used when the WINHTTP_OPTION_SECURE_PROTOCOLS flag is used. The setting allows applications that were built to use the WinHTTP default flag to be able to use the newer TLS protocols or prevent older SSL based natively without any need for updates to the application.
Calculate the value of
DefaultSecureProtocolswith WINHTTP_OPTION_SECURE_PROTOCOLS.Confirm that your account has Administrative rights to the system.
Make sure that PowerShell is installed.
Select which architecture type to add and set the DefaultSecureProtocols registry entry:
Open an elevated PowerShell prompt.
To create and set the
DefaultSecureProtocolsregistry key, run the following command and replace{value}with theDefaultSecureProtocolsvalue that you selected from Calculate the value.Get-Item-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp"|New-ItemProperty-Name "DefaultSecureProtocols"-Value "{value}"
Either reboot the machine or restart whichever services are using WinHTTP.
Open an elevated PowerShell prompt.
To create and set the
DefaultSecureProtocolsregistry key, run the following commands and replace{value}with theDefaultSecureProtocolsvalue that you selected from Calculate the value.# Addresses 64-bit applicationsGet-Item-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp"|New-ItemProperty-Name "DefaultSecureProtocols"-Value "{value}"# Addresses 32-bit applicationsGet-Item-Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp"|New-ItemProperty-Name "DefaultSecureProtocols"-Value "{value}"
Either reboot the machine or restart whichever services are using WinHTTP.
Note
On x64 based systems, having both registry keys present simultaneously is required to ensure proper addressing for both types of applications.
- To configure the
DefaultSecureProtocolsregistry entry for multiple machines, see Configure a Service Item.
