Sign in with Microsoft
Sign in or create an account.
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.


Applications and services that are written by using WinHTTP for Secure Sockets Layer (SSL) connections that use the WINHTTP_OPTION_SECURE_PROTOCOLS flag can't use TLS 1.1 or TLS 1.2 protocols.

This update enables the system administrator to specify TLS 1.1 or TLS 1.2 when the WINHTTP_OPTION_SECURE_PROTOCOLS flag is used on Windows Embedded POSReady 2009 and Windows Embedded Standard 2009.

How to obtain the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.


There are no prerequisites to install this update on Windows Embedded POSReady 2009 or Windows Embedded Standard 2009.

Registry information

After you apply this update, see the "More information" section about the changes you have to make to the registry.

Restart requirement

You may have to restart the computer after you apply this update.

Update replacement information

This update does not replace a previously released update.

File Information

Windows XP

x86 Windows XP

File name

File version

File size















More information

Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

When an application specifies WINHTTP_OPTION_SECURE_PROTOCOLS, the system checks for the DefaultSecureProtocols registry entry. If the entry exists, the system overrides the default protocols that are specified by WINHTTP_OPTION_SECURE_PROTOCOLS by using the protocols that are specified in the registry entry. If the registry entry doesn't exist, WinHTTP uses the existing operating system defaults for WINHTTP_OPTION_SECURE_PROTOCOLS HTTP.

The DefaultSecureProtocols registry entry can be added in the following path:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

The registry value is a DWORD bitmap. To determine the value to use, add the values that corresponds to the desired protocols. The following values are currently supported in this update.

DefaultSecureProtocols Value

Protocol enabled


Enable TLS 1.1 by default


Enable TLS 1.2 by default

For example, to override the default values for WINHTTP_OPTION_SECURE_PROTOCOLS to specify TLS 1.1 and TLS 1.2, add the value for TLS 1.1 (0x00000200) and the value for TLS 1.2 (0x00000800). The resulting registry value would be 0x00000A00.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!