TLS 1.3 Support with WinINet API

Question

Using WinINet family API (InternetConnect, HttpOpenRequest and more) to download files. Migrating application to support TLS 1.3 and found no way to support TLS 1.3 with WinINet.

Tried changing registry settings like - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client

It didn't change anything. Have the option to use WinHTTP API or OpenSSL and it will be additional effort to rewrite code which I would like to avoid because of limited time. Let me know if there are any options to enable TLS 1.3 with WinInet family API's.

Answer 1

For TLS 1.2 there war a registry setting:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols "=dword:0x00000A00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"DefaultSecureProtocols "=dword:0x00000A00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
"DefaultSecureProtocols "=dword:0x00000A00

The values are based on the following table:

DefaultSecureProtocols Value	Protocol	enabled
0x00000008	Enable SSL 2.0	by default
0x00000020	Enable SSL 3.0	by default
0x00000080	Enable TLS 1.0	by default
0x00000200	Enable TLS 1.1	by default
0x00000800	Enable TLS 1.2	by default

Take the value for TLS 1.1 (0x00000200) and the value for TLS 1.2 (0x00000800) then add them together in calculator (in programmer mode), the resulting registry value would be 0x00000A00.

So I would guess 0x00002000 is the value for TLS 1.3.