This configuration ensures that the change doesn't break any other application that might still rely on SSL 3.0 or TLS 1.0. The above example keeps these defaults, and also enables TLS 1.1 and TLS 1.2 for WinHTTP.
By default in Windows, this value is 0x0A0 to enable SSL 3.0 and TLS 1.0 for WinHTTP.
#HOW TO USE FNIS 6.2 UPDATE#
Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows lists the hexadecimal value for each protocol. The example above shows the value of 0xAA0 for the WinHTTP DefaultSecureProtocols setting. If you change this value, restart the computer. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\ Verify the value of the DefaultSecureProtocols registry setting, for example: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\ Otherwise, you can inadvertently orphan them. With the patch installed, create the following registry values:Įnable these settings on all clients running earlier versions of Windows before enabling TLS 1.2 and disabling the older protocols on the Configuration Manager servers.
#HOW TO USE FNIS 6.2 INSTALL#
For these earlier versions of Windows, install Update 3140245 to enable the registry value below, which can be set to add TLS 1.1 and TLS 1.2 to the default secure protocols list for WinHTTP. Windows 8.1, Windows Server 2012 R2, Windows 10, Windows Server 2016, and later versions of Windows natively support TLS 1.2 for client-server communications over WinHTTP.Įarlier versions of Windows, such as Windows 7 or Windows Server 2012, don't enable TLS 1.1 or TLS 1.2 by default for secure communications using WinHTTP. NET Framework to support TLS 1.2įor more information about dependencies for specific Configuration Manager features and scenarios, see About enabling TLS 1.2.