Windows and Supported TLS Versions

SocketTools uses the Microsoft CryptoAPI and Schannel security package to implement support for secure connections using TLS. Which versions of TLS are available will depend on the version of the operating system you are using.

SocketTools automatically handles the differences between the operating systems in terms of functionality and which security APIs are available. However, the highest version of TLS your application can negotiate is constrained by the operating system. The following table lists the supported versions of TLS for each version of Windows.

Windows Desktop Minimum Build TLS 1.0 TLS 1.2* TLS 1.3
Windows XP 2600 (SP3)
Windows Vista 6002 (SP2)
Windows 7 7601 (SP1)
Windows 8 9200
Windows 8.1 9600
Windows 10 18362 (1903)
Windows Server        
Windows Server 2003 3790
Windows Server 2003 R2 3790
Windows Server 2008 6003
Windows Server 2008 R2 7601
Windows Server 2012 9200
Windows Server 2012 R2 9600
Windows Server 2016 14393
Windows Server 2019 18362 (1903)

* Operating system support for TLS 1.2 also includes TLS 1.1.

If your application requests a higher version of TLS than what is supported for the version of Windows it is running on, it will downgrade to using the highest available version available. If your application requests TLS 1.2 and it is running on a Windows Vista or Windows Server 2008 system, it will only attempt to use TLS 1.0.

Because most servers today will reject connections which attempt to use TLS 1.0 or TLS 1.1,  most secure connections will fail on versions of Windows prior to Windows 7 and Windows Server 2008 R2. Windows 7 should be considered the minimum supported platform for secure connections.

Windows TLS 1.3 Support

Microsoft has not provided a roadmap for their implementation of TLS 1.3 on Windows 10 and Windows Server 2019. They have added support for TLS 1.3 as of build 1903, but have stated this is for testing purposes and should not be used in a production environment.

SocketTools 10 includes options for TLS 1.3 and supports the Schannel options required to enable it. However, according to Microsoft’s guidance, we do not recommend you enable TLS 1.3 except for internal development and testing purposes. SocketTools will continue to use TLS 1.2 by default, even if the system is capable of supporting TLS 1.3.

Currently there is no indication that Microsoft plans to support TLS 1.3 on earlier versions of Windows. SocketTools will only support TLS 1.3 on Windows 10 Build 1903 and Windows Server 2019 Build 1903 or later versions.

See Also

Support for TLS 1.2 on Windows XP
Support for TLS 1.0 and PCI Compliance