Applications and services that are written by using WinHTTP for Secure Sockets Layer (SSL) connections that use the WINHTTP_OPTION_SECURE_PROTOCOLS flag can't use TLS 1.1 or TLS 1.2 protocols. This is because the definition of this flag doesn't include these applications and services.
This update adds support for DefaultSecureProtocols registry entry that allows the system administrator to specify which SSL protocols should be used when the WINHTTP_OPTION_SECURE_PROTOCOLS flag is used.
This can allow certain applications that were built to use the WinHTTP default flag to be able to leverage the newer TLS 1.2 or TLS 1.1 protocols natively without any need for updates to the application.
This is the case for some Microsoft Office applications when they open documents from a SharePoint library or a Web Folder, IP-HTTPS tunnels for DirectAccess connectivity, and other applications by using technologies such as WebClient by using WebDav, WinRM, and others.
This update requires that the Secure Channel (Schannel) component in Windows 7 be configured to support TLS 1.1 and 1.2. As these protocol versions are not enabled by default in Windows 7, you must configure the registry settings to ensure Office applications can successfully use TLS 1.1 and 1.2.
This update will not change the behavior of applications that are manually setting the secure protocols instead of passing the default flag.
Important: If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update.
To apply this update, you must install Service Pack 1 for Windows 7.
To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
To apply this update, the DefaultSecureProtocols registry subkey must be added.
Install the "Easy fix" to populate the registry subkey.
You may have to restart the computer after you apply this update.
This update doesn't replace a previously released update.