Forum Discussion
DNS-over-TLS on Windows 11: why does the DNS client negotiate TLS 1.2 instead of TLS 1.3?
Hi, We have configured DNS-over-TLS (DoT) on Windows 11 (latest version, 25H2) using: netsh dns add encryption server=<ip> dothost=<hostname> autoupgrade=yes After capturing and analyzing...
As of Windows 11 (including 25H2), the DNS client still predominantly uses SCHANNEL_CRED when establishing DoT connections.