3
2
This is about instructions to Windows update KB3140245 on a 64-bit Windows 7 machine.
Microsoft released this update some time ago that "allows users to change system-wide default protocols for WinHTTP and hardcodes Webio default protocols to include TLS 1.1 and TLS 1.2", as explained in the KB article.
Setting TLS as default would probably be useful to help mitigate security problems with SSL.
This question is about this part of the knowledge article:
The DefaultSecureProtocols registry entry can be added in the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
On x64-based computers, DefaultSecureProtocols must also be added to the Wow6432Node path:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
The registry value is a DWORD bitmap. The following values can be used in any combination to enable multiple protocols by default:
...or more specifically, the parts of the instructions highlighted with red in below image:
Firstly the instructions seem to imply that user can enter multiple DWORD-values of name DefaultSecureProtocols
in combination, but that is not possible (the names of the values must be unique under a particular key).
Secondly the (hexadecimal) values displayed in the KB article are too long (it is not possible to enter them as given in the registry editor) as shown in below image:
So the question I would like to ask is:
Given the limitations of the DWORD registry values, how can the 3 values displayed for the TLS 1.0, TLS 1.1, and TLS 1.2 be entered in combination?
1I guess you missed this part. "The administrator wants to override the default values for WINHTTP_OPTION_SECURE_PROTOCOLS to specify TLS 1.1 and TLS 1.2.
Take the value for TLS 1.1 (0x00000200) and the value for TLS 1.2 (0x00000800) then add them together in calculator (in programmer mode), the resulting registry value would be 0x00000A00." – Moab – 2016-05-25T17:34:45.297
1Then you would set hexidecimal value in the registry to A00 – Moab – 2016-05-25T17:42:48.013