Forcing Internet Explorer TLS1.0 in XP Deployment

Guest

I searched for a while on this and didn't come up with anything, so I hope
somebody can help me out...

I am setting up a new XP (SP2) image for our internet network here. When
trying to connect to secure sites (anything with https://), I cannot get IE
to connect without enabling TLS1.0. This isn't really an issue, except I
cannot find a way to force TLS1.0 to the users through a GPO or registry
setting.

I can change the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CRYPTO\TLS1.0\DefaultValue from 0x00000000 (0) to
0x00000080 (128). This actually checks the box, but for some reason doesn't
actually apply the setting. I have to either uncheck and recheck it or hit
Restore Defaults before I can connect to any https:// pages.

Is there a correct way to do this? Is there something I'm overlooking that
won't allow IE in XP (SP2) to use SSL2.0 or SSL3.0 that is forcing me to use
TLS1.0?

Any help would be greatly appreciated!

-Ian
 
Ramesh, MS-MVP

Ian,

Undo the alteration that you made earlier. You actually need to export this
key/value:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
"SecureProtocols"

-or-

Use Policies path:
SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
"SecureProtocols"
 
Guest

What do I need to set
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
"SecureProtocols" to? Currently it's set to 0x000000a8 (168). What do you
mean "export" the key?

Thanks,

-Ian
 
Ramesh, MS-MVP

In short, you need to deploy that value. The "Use SSL 2.0", "Use SSL 3.0",
"Use TLS 1.0" options store the value in the same key. Read here:
http://groups.google.co.in/group/microsoft.public.windows.inetexplorer.ie6.ieak/msg/f0f0c3cb7fb35529

Probabilities:

SecureProtocols - if set to 0 (Decimal)
"Use SSL 2.0" is disabled
"Use SSL 3.0" is disabled
"Use TLS 1.0" is disabled

SecureProtocols - if set to 8 (Decimal)
"Use SSL 2.0" is Enabled
"Use SSL 3.0" is disabled
"Use TLS 1.0" is disabled

SecureProtocols - if set to 40 (Decimal)
"Use SSL 2.0" is Enabled
"Use SSL 3.0" is Enabled
"Use TLS 1.0" is disabled

SecureProtocols - if set to 168 (Decimal)
"Use SSL 2.0" is Enabled
"Use SSL 3.0" is Enabled
"Use TLS 1.0" is Enabled
 
Guest

I tried exporting this key and value to both HKLM and HKCC and neither had
the desired effect. The user still does not have TLS enabled upon logging in
locally or to the domain. It seems as if it should work...
 
Ramesh, MS-MVP

Will check that, Ian. BTW, have you verified if the REG value has been updated
correctly in the target systems?
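
Added example, not part of the thread or written by its participants: a small Python checker that reads the text of a .reg export taken from a target machine, finds "SecureProtocols" under any Internet Settings key, and decodes it with the bit values implied by the table above (8, 8+32, 8+32+128). The function names and the sample export are constructed for illustration.

```python
import re

# Bit values implied by the table in the thread: 8, 40 (8+32), 168 (8+32+128).
FLAGS = {0x08: "SSL 2.0", 0x20: "SSL 3.0", 0x80: "TLS 1.0"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VAL_RE = re.compile(r'^"SecureProtocols"=dword:(?P<hex>[0-9a-fA-F]{1,8})\s*$')
SUFFIX = r"\windows\currentversion\internet settings"


def decode(value):
    """Return (enabled protocol names, leftover bits the thread does not cover)."""
    names = [name for bit, name in sorted(FLAGS.items()) if value & bit]
    unknown = value & ~sum(FLAGS)
    return names, unknown


def audit_reg_export(text):
    """Map each Internet Settings key in a .reg export to its decoded value."""
    results, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")  # remember which key the next values belong to
            continue
        m = VAL_RE.match(line)
        if m and current and current.lower().endswith(SUFFIX):
            value = int(m.group("hex"), 16)
            names, unknown = decode(value)
            results[current] = {"value": value, "enabled": names,
                                "unknown_bits": unknown}
    return results


# Constructed sample export. regedit writes UTF-16, so decode the file first.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"SecureProtocols"=dword:000000a8

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"SecureProtocols"=dword:00000028
'''

if __name__ == "__main__":
    for key, info in audit_reg_export(SAMPLE).items():
        print(f"{key}: {info['value']} -> {', '.join(info['enabled']) or 'none'}")
```

Run against exports collected from several machines, this shows at a glance whether the deployed value actually landed and under which key.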
 
