Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is the difference between the DisabledByDefault and Enabled SSL/TLS registry keys on Microsoft Windows?

Tags:

windows

ssl

schannel

Microsoft provides best practices guidance for Transport Layer Security (TLS). This document describes registry keys that can enable or disable a specific protocol.

https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#configuring-schannel-protocols-in-the-windows-registry

For example, to enable TLS 1.2, you can add the following registry keys. 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:FFFFFFFF

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:FFFFFFFF

What is the difference between DisabledByDefault and Enabled? They seem redundant.

like image 275
Timothy Schoonover Avatar asked Jul 18 '18 15:07

Timothy Schoonover

People also ask

What is DisabledByDefault?

When DisabledByDefault flag is set to 1, SSL / TLS version X is not used by default. If an SSPI app requests to use this version of SSL / TLS, it will be negotiated. In a nutshell, SSL is not disabled when you use DisabledByDefault flag.

What is difference between SSL and TLS?

Transport Layer Security (TLS) is the successor protocol to SSL. TLS is an improved version of SSL. It works in much the same way as the SSL, using encryption to protect the transfer of data and information. The two terms are often used interchangeably in the industry although SSL is still widely used.

How can I tell if TLS 1.2 is enabled in registry?

How to check if TLS 1.2 is enabled? If the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\DisabledByDefault is present, the value should be 0.

How do I know if TLS version is enabled in Windows?

1. Click on: Start -> Control Panel -> Internet Options 2. Click on the Advanced tab 3. Scroll to the bottom and check the TLS version described in steps 3 and 4: 4.

1 Answers

DisabledByDefault and Enabled are not redundant

When DisabledByDefault flag is set to 1, SSL / TLS version X is not used by default. If an SSPI app requests to use this version of SSL / TLS, it will be negotiated. In a nutshell, SSL is not disabled when you use DisabledByDefault flag.

When Enabled flag is set to 0, SSL / TLS version X is disabled and cannot be nagotiated by any SSPI app (even if DisabledByDefault flag is set to 0).

For more information, Microsoft documentation describes what SSL version is maintained or not, and how to disable it.

like image 139
Trevor65 Avatar answered Sep 19 '22 08:09

Trevor65
Sign in to Comment

Related questions

Installer or no installer?
How to get a process file name from pid, if OpenProcess() fails with ACCESS_DENIED?
In Win7, Unicode/ UTF-8 text file: gibberish on Windows console (Trying to display hebrew)
What is the difference between handle and thread?
How can I start the JFileChooser in the Details view?
what does .seek means in ruby
C++ QT vs C# .NET for Windows Development [closed]
Print all std::locale names (Windows)
Can't remove a file which created by `tempfile.mkstemp()` on Windows
How can I run wildfly in debug mode, as a service on Windows?
Watermark in System.Windows.Forms.TextBox
How do I create a shortcut (.lnk) with a relative target?
How can I call a exported function using ordinal number
How to compare BSTR against a string in c/c++?
Advantages of running an application as a service
FindFirstFile Multiple file types
Using a custom Tee command for .bat file
SSPI header file - fatal error
Can't access newly created projects in visual studio
npm install does nothing - how make it work?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!