Applications and services that are written by using WinHTTP for Secure Sockets Layer (SSL) connections that use the WINHTTP_OPTION_SECURE_PROTOCOLS flag can't use TLS 1.1 or TLS 1.2 protocols.
This update enables the system administrator to specify TLS 1.1 or TLS 1.2 when the WINHTTP_OPTION_SECURE_PROTOCOLS flag is used on Windows Embedded POSReady 2009 and Windows Embedded Standard 2009.
How to obtain the update
Method 1: Windows Update
This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.
Method 2: Microsoft Update Catalog
To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
There are no prerequisites to install this update on Windows Embedded POSReady 2009 or Windows Embedded Standard 2009.
After you apply this update, see the "More information" section about the changes you have to make to the registry.
You may have to restart the computer after you apply this update.
Update replacement information
This update does not replace a previously released update.
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.
Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
When an application specifies WINHTTP_OPTION_SECURE_PROTOCOLS, the system checks for the DefaultSecureProtocols registry entry. If the entry exists, the system overrides the default protocols that are specified by WINHTTP_OPTION_SECURE_PROTOCOLS by using the protocols that are specified in the registry entry. If the registry entry doesn't exist, WinHTTP uses the existing operating system defaults for WINHTTP_OPTION_SECURE_PROTOCOLS HTTP.
The DefaultSecureProtocols registry entry can be added in the following path:
The registry value is a DWORD bitmap. To determine the value to use, add the values that corresponds to the desired protocols. The following values are currently supported in this update.
|DefaultSecureProtocols Value||Protocol enabled|
|0x00000200||Enable TLS 1.1 by default|
|0x00000800||Enable TLS 1.2 by default|
For example, to override the default values for WINHTTP_OPTION_SECURE_PROTOCOLS to specify TLS 1.1 and TLS 1.2, add the value for TLS 1.1 (0x00000200) and the value for TLS 1.2 (0x00000800). The resulting registry value would be 0x00000A00.