Protocols in TLS/SSL (Schannel SSP) - Win32 apps (2024)

Table of Contents
In this article TLS protocol version support DTLS protocol version support Pre-TLS standard protocols support See also Feedback Feedback In this article FAQs
  • Article

The Schannel SSP implements versions of the TLS, DTLS and SSL protocols. Different Windows versions support different protocol versions.

TLS protocol version support

The following table displays the Microsoft Schannel Provider support of TLS protocol versions.

See Also
How to enable TLS 1.2 or higherHow to configure TLS security settings in Chrome? (4269927)How to View SSL/TLS Certificate Details in Chrome 56Security Advisory- Deprecation of Obsolete TLS 1.0 and TLS 1.1 Versions – Updated April 16, 2019

Important

Starting with Windows 11 Insider Preview releases in 2024, TLS versions 1.0 and 1.1 will be disabled by default. This change applies to both server and client devices but won't impact in-market operating system versions. For more information, see TLS 1.0 and TLS 1.1 deprecation in Windows.

Note

TLS 1.3 is supported starting in Windows 11 and Windows Server 2022. Enabling TLS 1.3 on earlier versions of Windows is not a safe system configuration.

Tip

You may need to scroll horizontally or select Expand table to view all columns in the table.

Windows OSTLS 1.0 ClientTLS 1.0 ServerTLS 1.1 ClientTLS 1.1 ServerTLS 1.2 ClientTLS 1.2 ServerTLS 1.3 ClientTLS 1.3 Server
WindowsVista/Windows Server2008EnabledEnabledNot supportedNot supportedNot supportedNot supportedNot supportedNot supported
Windows Server2008 with Service Pack2 (SP2)EnabledEnabledDisabledDisabledDisabledDisabledNot supportedNot supported
Windows7/Windows Server2008R2EnabledEnabledDisabledDisabledDisabledDisabledNot supportedNot supported
Windows8/Windows Server2012EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows8.1/Windows Server2012R2EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows10, version 1507EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows10, version 1511EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows10, version 1607/Windows Server2016 StandardEnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows10, version 1703EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows10, version 1709EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows10, version 1803EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows10, version 1809/Windows Server2019EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows10, version 1903EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows10, version 1909EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows10, version 2004EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows10, version 20H2EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows10, version 21H1EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows10, version 21H2EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
Windows10, version 22H2EnabledEnabledEnabledEnabledEnabledEnabledNot supportedNot supported
WindowsServer 2022EnabledEnabledEnabledEnabledEnabledEnabledEnabledEnabled
Windows11, version 21H2EnabledEnabledEnabledEnabledEnabledEnabledEnabledEnabled
Windows11, version 22H2EnabledEnabledEnabledEnabledEnabledEnabledEnabledEnabled
Windows11, version 23H2EnabledEnabledEnabledEnabledEnabledEnabledEnabledEnabled

DTLS protocol version support

The following lists the Microsoft Schannel Provider support of DTLS protocol versions.

Tip

You may need to scroll horizontally or select Expand table to view all columns in this table.

See Also
How to Turn Off SSL 3.0 and TLS 1.0 in Your Internet Browser - SSL.com

Windows OSDTLS 1.0 ClientDTLS 1.0 ServerDTLS 1.2 ClientDTLS 1.2 Server
WindowsVista/Windows Server2008Not supportedNot supportedNot supportedNot supported
Windows Server2008 with SP2Not supportedNot supportedNot supportedNot supported
Windows7/Windows Server2008R2EnabledEnabledNot supportedNot supported
Windows8/Windows Server2012EnabledEnabledNot supportedNot supported
Windows8.1/Windows Server2012R2EnabledEnabledNot supportedNot supported
Windows10, version 1507EnabledEnabledNot supportedNot supported
Windows10, version 1511EnabledEnabledNot supportedNot supported
Windows10, version 1607/Windows Server2016 StandardEnabledEnabledEnabledEnabled
Windows10, version 1703EnabledEnabledEnabledEnabled
Windows10, version 1803EnabledEnabledEnabledEnabled
Windows10, version 1809EnabledEnabledEnabledEnabled
Windows10, version 1903EnabledEnabledEnabledEnabled
Windows10, version 1909EnabledEnabledEnabledEnabled
Windows10, version 2004EnabledEnabledEnabledEnabled
Windows10, version 20H2EnabledEnabledEnabledEnabled
Windows10, version 21H1EnabledEnabledEnabledEnabled
WindowsServer 2022EnabledEnabledEnabledEnabled
Windows11EnabledEnabledEnabledEnabled

Pre-TLS standard protocols support

The following lists the Microsoft Schannel Provider support of pre-TLS standard protocols.

Tip

You may need to scroll horizontally or select Expand table to view all columns in this table.

Windows OSPCT 1.0SSL2 ClientSSL2 ServerSSL3 ClientSSL3 Server
WindowsVista/Windows Server2008Not supportedDisabledEnabledEnabledEnabled
Windows Server2008 with SP2Not supportedDisabledEnabledEnabledEnabled
Windows7/Windows Server2008R2Not supportedDisabledEnabledEnabledEnabled
Windows8/Windows Server2012Not supportedDisabledDisabledEnabledEnabled
Windows8.1/Windows Server2012R2Not supportedDisabledDisabledEnabledEnabled
Windows10, version 1507Not supportedDisabledDisabledEnabledEnabled
Windows10, version 1511Not supportedDisabledDisabledEnabledEnabled
Windows10, version 1607/Windows Server2016 StandardNot supportedNot supportedNot supportedDisabledDisabled
Windows10, version 1703Not supportedNot supportedNot supportedDisabledDisabled
Windows10, version 1803Not supportedNot supportedNot supportedDisabledDisabled
Windows10, version 1809Not supportedNot supportedNot supportedDisabledDisabled
Windows10, version 1903Not supportedNot supportedNot supportedDisabledDisabled
Windows10, version 1909Not supportedNot supportedNot supportedDisabledDisabled
Windows10, version 2004Not supportedNot supportedNot supportedDisabledDisabled
Windows10, version 20H2Not supportedNot supportedNot supportedDisabledDisabled
Windows10, version 21H1Not supportedNot supportedNot supportedDisabledDisabled
WindowsServer 2022Not supportedNot supportedNot supportedDisabledDisabled
Windows11Not supportedNot supportedNot supportedDisabledDisabled

Important

Beginning with Windows10, version 1607 and Windows Server 2016, SSL 2.0 has been removed and is no longer supported.

Tip

All versions of Windows will accept a unified format "ClientHello" message even when SSL version 2 is disabled or no longer supported.

See also

  • TLS 1.0 and TLS 1.1 deprecation in Windows

Feedback

Was this page helpful?

Provide product feedback|

Feedback

Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.

Submit and view feedback for

This product This page

Protocols in TLS/SSL (Schannel SSP) - Win32 apps (2024)

FAQs

What protocols use SSL TLS? ›

SSL and TLS are commonly used by web browsers to protect connections between web applications and web servers. Many other TCP-based protocols use TLS/SSL as well, including email (SMTP/POP3), instant messaging (XMPP), FTP, VoIP, VPN, and others.

Read On
How to ensure that TLS 1.2 is enabled as a protocol for Schannel at the operating system level? ›

How to check if TLS 1.2 is enabled? If the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\DisabledByDefault is present, the value should be 0.

Discover More Details
What are the layers of TLS protocol? ›

In the OSI model, TLS operates on four layers: Application, Presentation, Session, and Transport; in the TCP/IP model, it operates only on the Transport layer.

Continue Reading
How to check the protocols SSL TLS enabled on that specific server? ›

How to identify if an SSL/TLS protocol is enabled/disabled
  1. Click Start or press the Windows key.
  2. In the Start menu, either in the Run box or the Search box, type regedit and press Enter. ...
  3. Navigate to follow the registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols.

See Details
Top Articles
How to convert JSON object to Hashtable format using PowerShell?
PowerShell to Get a Registry Value: A Tutorial Walkthrough
Digital Health - My Connected Care
Pharmacy Technician - CVS
Latest Posts
C# Program to Check if Value exists in Hashtable
Learn Ruby: Arrays and Hashes Cheatsheet | Codecademy
Article information

Author: Terence Hammes MD

Last Updated:

Views: 6192

Rating: 4.9 / 5 (49 voted)

Reviews: 80% of readers found this page helpful

Author information

Name: Terence Hammes MD

Birthday: 1992-04-11

Address: Suite 408 9446 Mercy Mews, West Roxie, CT 04904

Phone: +50312511349175

Job: Product Consulting Liaison

Hobby: Jogging, Motor sports, Nordic skating, Jigsaw puzzles, Bird watching, Nordic skating, Sculpting

Introduction: My name is Terence Hammes MD, I am a inexpensive, energetic, jolly, faithful, cheerful, proud, rich person who loves writing and wants to share my knowledge and understanding with you.