Summary
Applications and services that are written by using WinHTTP for Secure Sockets Layer (SSL) connections that use the WINHTTP_OPTION_SECURE_PROTOCOLS flag can't use TLS 1.1 or TLS 1.2 protocols.
This update enables the system administrator to specify TLS 1.1 or TLS 1.2 when the WINHTTP_OPTION_SECURE_PROTOCOLS flag is used on Windows Embedded POSReady 2009 and Windows Embedded Standard 2009.
How to obtain the update
Method 1: Windows Update
This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.
Method 2: Microsoft Update Catalog
To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
Prerequisites
There are no prerequisites to install this update on Windows Embedded POSReady 2009 or Windows Embedded Standard 2009.
Registry information
After you apply this update, see the "More information" section about the changes you have to make to the registry.
Restart requirement
You may have to restart the computer after you apply this update.
Update replacement information
This update does not replace a previously released update.
File Information
Windows XP
x86 Windows XP
File name |
File version |
File size |
Date |
Time |
Platform |
Winhttp.dll |
5.1.2600.7587 |
355,840 |
12-Oct-2018 |
17:12 |
x86 |
Updspapi.dll |
6.3.13.0 |
382,840 |
31-Jan-2018 |
18:26 |
x86 |
More information
Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
When an application specifies WINHTTP_OPTION_SECURE_PROTOCOLS, the system checks for the DefaultSecureProtocols registry entry. If the entry exists, the system overrides the default protocols that are specified by WINHTTP_OPTION_SECURE_PROTOCOLS by using the protocols that are specified in the registry entry. If the registry entry doesn't exist, WinHTTP uses the existing operating system defaults for WINHTTP_OPTION_SECURE_PROTOCOLS HTTP.
The DefaultSecureProtocols registry entry can be added in the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
The registry value is a DWORD bitmap. To determine the value to use, add the values that corresponds to the desired protocols. The following values are currently supported in this update.
DefaultSecureProtocols Value |
Protocol enabled |
0x00000200 |
Enable TLS 1.1 by default |
0x00000800 |
Enable TLS 1.2 by default |
For example, to override the default values for WINHTTP_OPTION_SECURE_PROTOCOLS to specify TLS 1.1 and TLS 1.2, add the value for TLS 1.1 (0x00000200) and the value for TLS 1.2 (0x00000800). The resulting registry value would be 0x00000A00.