How the DefaultSecureProtocols registry entry works
Payment Card Industry (PCI) requires TLS 1.1 or TLS 1.2 for compliance.įor more information about the WINHTTP_OPTION_SECURE_PROTOCOLS flag, see Option Flags. This update doesn't replace a previously released update. You may have to restart the computer after you apply this update. Note To do this, you can add the registry subkey manually or install the " Easy fix" to populate the registry subkey. To apply this update, the DefaultSecureProtocols registry subkey must be added.
There's no prerequisite to apply this update in Windows Server 2012. To apply this update, you must install Service Pack 1 for Windows 7 or Windows Server 2008 R2. To get the stand-alone package for this update, go to the Microsoft Update Catalog website. For more information about how to run Windows Update, see How to get an update through Windows Update. This update is provided as a Recommended update on Windows Update. For more information, see Add language packs to Windows. Therefore, we recommend that you install any language packs that you need before you install this update. Important If you install a language pack after you install this update, you must reinstall this update. This update will not change the behavior of applications that are manually setting the secure protocols instead of passing the default flag. As these protocol versions are not enabled by default in Windows 7, you must configure the registry settings to ensure Office applications can successfully use TLS 1.1 and 1.2. This update requires that the Secure Channel (Schannel) component in Windows 7 be configured to support TLS 1.1 and 1.2.
This is the case for some Microsoft Office applications when they open documents from a SharePoint library or a Web Folder, IP-HTTPS tunnels for DirectAccess connectivity, and other applications by using technologies such as WebClient by using WebDav, WinRM, and others. This can allow certain applications that were built to use the WinHTTP default flag to be able to leverage the newer TLS 1.2 or TLS 1.1 protocols natively without any need for updates to the application. This update adds support for DefaultSecureProtocols registry entry that allows the system administrator to specify which SSL protocols should be used when the WINHTTP_OPTION_SECURE_PROTOCOLS flag is used. This is because the definition of this flag doesn't include these applications and services. About this updateĪpplications and services that are written by using WinHTTP for Secure Sockets Layer (SSL) connections that use the WINHTTP_OPTION_SECURE_PROTOCOLS flag can't use TLS 1.1 or TLS 1.2 protocols. This update provides support for Transport Layer Security (TLS) 1.1 and TLS 1.2 in Windows Server 2012, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1.
0 kommentar(er)
