- TLS protocol version support
- Update patch
- Windows 7 SP1 和 Windows Server 2008 R2 SP1
- TLS 1.2 patch
- TLS 1.3 patch
- Windows 8.1 和 Windows Server 2012 R2
- TLS 1.2 patch
- TLS 1.3 patch
- Windows 10 和 Windows Server 2016/2019
- TLS 1.2 patch
- TLS 1.3 patch
- Detecting the TLS version supported by Windows
- Recommended tool to enable TLS
- Reference documents
- Windows Server 2008 Configuration
- Third-party documents
Schannel SSP implements versions of the TLS, DTLS, and SSL protocols. Different Windows versions support different protocol versions.
Windows SChannel Secure Sockets is a secure socket protocol implementation provided by the Windows operating system, including SSL and TLS. SChannel is one of the fundamental components of secure communication, providing a series of APIs for implementing secure communication on the Windows operating system.
TLS protocol version support
The table below shows the versions of the TLS protocol supported by the Microsoft Schannel provider.
| Windows OS | TLS 1.0 client | TLS 1.0 server | TLS 1.1 client | TLS 1.1 server | TLS 1.2 client | TLS 1.2 server | TLS 1.3 client | TLS 1.3 server |
|---|---|---|---|---|---|---|---|---|
| Windows Vista/Windows Server 2008 | Enabled | Enabled | Not supported | Not supported | Not supported | Not supported | Not supported | Not supported |
| Windows Server 2008 with Service Pack 2 (SP2) | Enabled | Enabled | Disabled | Disabled | Disabled | Disabled | Not supported | Not supported |
| Windows 7/Windows Server 2008 R2 | Enabled | Enabled | Disabled | Disabled | Disabled | Disabled | Not supported | Not supported |
| Windows 8/Windows Server 2012 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 8.1/Windows Server 2012 R2 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10 version 1507 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10 version 1511 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10版本 1607/Windows Server 2016 Standard | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10 version 1703 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10 version 1709 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10 version 1803 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10 版本 1809//Windows Server 2019 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10 version 1903 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10 version 1909 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10 version 2004 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10 version 20H2 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10, version 21H1 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows 10 version 21H2 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Not supported | Not supported |
| Windows Server 2022 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| Windows 11 | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
Starting with Windows 10 version 1607 and Windows Server 2016, SSL 2.0 has been removed and is no longer supported.
Update patch
If the system does not support it, you can update the patch to enable TLS support.
Windows 7 SP1 和 Windows Server 2008 R2 SP1
TLS 1.2 patch
KB3080079Security update, supporting TLS 1.2 and DTLS 1.2.KB3140245Update program, includes encryption algorithms and cipher suites that support TLS 1.2.
TLS 1.3 patch
KB5003620It also includes security updates to ensure that the encrypted communication protocols in the system are more secure.
It's important to note that the specific effects of the patch may vary depending on the operating system version and the time of the update, and it may not even support TLS 1.3.
Windows 8.1 和 Windows Server 2012 R2
TLS 1.2 patch
KB2977292Security update, supporting TLS 1.2 and DTLS 1.2.KB3140245Update program, includes encryption algorithms and cipher suites that support TLS 1.2.
TLS 1.3 patch
KB5003612This includes security updates to ensure that encrypted communication protocols within the system are more secure.
Windows 10 和 Windows Server 2016/2019
TLS 1.2 patch
KB3147461Security update, supporting TLS 1.2 and DTLS 1.2.KB3172614Update program, includes encryption algorithms and cipher suites that support TLS 1.2.
TLS 1.3 patch
KB5003611Security update, supporting TLS 1.3 and DTLS 1.3.KB5004244Update program, includes encryption algorithms and cipher suites that support TLS 1.3.
Detecting the TLS version supported by Windows
Detection system supports TLS versions
- System Search
Windows PowerShellOpen the window and enter:
Add-Type -AssemblyName System.ServiceModel [System.Enum]::GetNames([System.Net.SecurityProtocolType])
- Set security protocol
[Net.ServicePointManager]::SecurityProtocol [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Ssl3 -bor [Net.SecurityProtocolType]::Tls -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12 -bor [Net.SecurityProtocolType]::Tls13
Recommended tool to enable TLS
from https://www.nartac.com/Products/IISCrypto Download and install the IIS Crypto tool.
Launch the IIS Crypto tool and select the "Best Practices" tab.
In this tab, you can see all the required TLS versions and the default settings for cipher suites. To enable TLS 1.3, ensure the TLS 1.3 option box is selected. Additionally, you can customize the list of cipher suites.
Click the "Apply" button to apply the changes.
Restart your system for the changes to take effect.
Please note that you should back up your current SSL/TLS configuration before changing the TLS version and cipher suite so that you can revert to the previous configuration.
Reference documents
Windows Server 2008 Configuration
Support for TLS 1.2 and TLS 1.1 requires an update. Please refer to the update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2.
Third-party documents
- Refer to Amazon documentation:https://docs.aws.amazon.com/zh_cn/sdk-for-net/v3/developer-guide/enforcing-tls.html#enforcing-tls-dotnet-framework
This article is byDownload the whole siteThis content was compiled and edited from the internet. Please indicate the source when reprinting. Thank you.
We have previously compiled related articles:Reasons and solutions for "Request aborted: Failed to create SSL/TLS secure channel".
