The Schannel SSP implements versions of the TLS, DTLS, and SSL protocols. Different Windows versions support different protocol versions.

Windows SChannel secure socket is a secure socket protocol implementation provided by the Windows operating system, including SSL and TLS. SChannel is one of the basic components of secure communication. It provides a series of APIs for implementing secure communication on the Windows operating system.

TLS protocol version support

The following table shows the Microsoft Schannel provider's support for TLS protocol versions.

Starting with Windows 10 version 1607 and Windows Server 2016, SSL 2.0 has been removed and is no longer supported.

Update patch

If the system does not support it, you can update the patch to make the system support TLS version

Windows 7 SP1 和 Windows Server 2008 R2 SP1

TLS 1.2 patch

• KB3080079: Security updates to support TLS 1.2 and DTLS 1.2.
• KB3140245: Updated to include support for encryption algorithms and cipher suites for TLS 1.2.

TLS 1.3 patches

• KB5003620: Also includes security updates to ensure that encrypted communication protocols in the system are more secure.

It should be noted that the specific effect of the patch may vary depending on the operating system version and the time of the update, and it may not support TLS 1.3.

Windows 8.1 和 Windows Server 2012 R2

TLS 1.2 patch

• KB2977292: Security updates to support TLS 1.2 and DTLS 1.2.
• KB3140245: Updated to include support for encryption algorithms and cipher suites for TLS 1.2.

TLS 1.3 patches

• KB5003612: Includes security updates to ensure that encrypted communication protocols in the system are more secure.

Windows 10 和 Windows Server 2016/2019

TLS 1.2 patch

• KB3147461: Security updates to support TLS 1.2 and DTLS 1.2.
• KB3172614: Updated to include support for encryption algorithms and cipher suites for TLS 1.2.

TLS 1.3 patches

• KB5003611: Security updates to support TLS 1.3 and DTLS 1.3.
• KB5004244: Updated to include support for encryption algorithms and cipher suites for TLS 1.3.

Detect TLS versions supported by Windows

Detect the TLS version supported by the system

• System Search Windows PowerShell, open the window and enter:

Add-Type -AssemblyName System.ServiceModel [System.Enum]::GetNames([System.Net.SecurityProtocolType])

It is recommended to enable TLS tools

from https://www.nartac.com/Products/IISCrypto Download and install the IIS Crypto Tools.

Launch the IIS Crypto tool and select the Best Practices tab.

In this tab, you can see the default settings for all the TLS versions and cipher suites you need. If you want to enable TLS 1.3, make sure to select the TLS 1.3 option box. Additionally, you can customize the list of cipher suites.

Click the Apply button to apply the changes.

Reboot your system for the changes to take effect.

Please note that before changing TLS versions and cipher suites, you should back up your current SSL/TLS configuration so that you can revert to the previous configuration.

Reference Documentation

Windows Server 2008 Configuration

An update is required to support TLS 1.2 and TLS 1.1. See Update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2.

• Update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009

Third-party documentation

• Refer to Amazon documentation:https://docs.aws.amazon.com/zh_cn/sdk-for-net/v3/developer-guide/enforcing-tls.html#enforcing-tls-dotnet-framework

This article is provided byWebsite DownloadCollected and compiled, the content comes from the Internet. Please indicate the source when reprinting. Thank you.

We have also compiled related articles before:Causes and solutions for "The request was aborted: Failed to create SSL/TLS secure channel"