TLS Setting in Internet Options
From Lucca's Wiki
Jump to navigationJump to search
TLS Settings in Internet Options (Windows) – Application Impact Chart[edit]
This page explains which applications are affected by the TLS protocol checkboxes located in:
Control Panel → Internet Options → Advanced → Security
These settings control the Windows SChannel / WinINet TLS stack.
Applications Affected by Internet Options TLS Settings[edit]
These applications rely on Windows SChannel or WinINet and are directly affected by enabling or disabling TLS versions.
| Application | Uses Windows TLS Settings? | Notes |
|---|---|---|
| Internet Explorer | Yes | Fully controlled by Internet Options |
| Microsoft Edge (Legacy EdgeHTML) | Yes | Legacy Edge only |
| Control Panel Web Views | Yes | Built on IE engine |
| Windows Update | Yes | Uses Windows crypto stack |
| PowerShell (Windows PowerShell 5.1 and older) | Yes | Uses .NET Framework |
| .NET Framework Applications (default config) | Yes | Unless explicitly overridden |
| Microsoft Office (older builds) | Yes | Web services and activation |
| Remote Desktop Gateway | Yes | Uses SChannel |
| IIS (when using SChannel) | Yes | Server-side encryption |
| Outlook (older builds / certain auth flows) | Yes | Especially Exchange on-prem |
| WinHTTP-based Applications | Yes | Common in enterprise apps |
| SQL Server (native encryption) | Yes | Uses Windows crypto |
Applications NOT Affected by Internet Options TLS Settings[edit]
These applications use their own TLS implementation (BoringSSL, NSS, OpenSSL, etc.) and are NOT controlled by Internet Options.
| Application | Uses Windows TLS Settings? | Reason |
|---|---|---|
| Google Chrome | No | Uses BoringSSL |
| Mozilla Firefox | No | Uses NSS |
| Microsoft Edge (Chromium) | Mostly No | Uses Chromium TLS (still relies on Windows certificate store) |
| Opera | No | Chromium-based |
| Brave | No | Chromium-based |
| Discord | No | Electron (Chromium) |
| Slack | No | Electron-based |
| Zoom | No | Custom TLS stack |
| Steam | No | Uses OpenSSL |
| FileZilla | No | Own TLS library |
| Git (default config) | No* | Uses OpenSSL unless configured for SChannel |
| Java Applications (default JRE) | No | Uses Java TLS stack |
| Docker Desktop | No | Own TLS implementation |
| Node.js Applications | No | Uses OpenSSL |
Mixed or Conditional Cases[edit]
| Application | Depends? | Explanation |
|---|---|---|
| .NET Core / .NET 5+ | Usually Yes | Defaults to SChannel on Windows |
| PowerShell 7+ | Yes | Uses .NET Core |
| Git for Windows | Maybe | If configured with http.sslBackend=schannel |
| Python (requests library) | Usually No | Uses OpenSSL |
| WSL (Linux applications) | No | Uses Linux TLS stack |
Best Practice Recommendation (2026)[edit]
For Windows 10 / Windows 11 systems:
- Enable TLS 1.2
- Enable TLS 1.3
- Disable TLS 1.0
- Disable TLS 1.1
Older TLS versions should only be enabled for legacy system compatibility.
Quick Rule of Thumb[edit]
- Built into Windows → Affected
- .NET Framework app → Usually affected
- Chromium / Electron-based → Not affected
- Cross-platform open-source app → Usually not affected
