none
TLS 1.1 and TLS 1.2 enabled by default in recent update?

    Question

  • I have an XP SP3 x86 VM w/ POSReady key that I use for testing and I noticed that KB4019276 which adds TLS 1.1 and TLS 1.2 support to schannel was installed. This happened sometime in the last several months. After applying all updates via microsoft update it was installed and it seems to be working ok but according to this document:

    To benefit from the TLS 1.1 and TLS 1.2 support, you must set one or more of the registry subkeys as described in the "More Information" section.

    But I did not need to set any keys, it is using TLS 1.1 and TLS 1.2 automatically. I checked in wireshark a connection to github.com that I made with curl using schannel and it negotiated TLS 1.2 but I do not have the registry keys in that document set.

    So I would like to know if the documentation is wrong or is it a bug that I get TLS 1.2 handshakes by default without having those keys set? Thanks.

    Sunday, March 25, 2018 3:30 AM