Internet Properties: Enable insecure TLS server compatibility

Occasional Visitor

I am currently troubleshooting schannel errors, and I happened to come across this setting in Internet Properties. Can anyone explain how it enables insecure TLS servers to still operate even when only TLS 1.2 and 3 are permitted?



1 Reply
As best I can tell, this setting is to enable/disable the compatibility fix "EnableLegacyTls" that is referenced in the following support article:

The registry key backing the setting is found at \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\LegacyTLSAppcompat, which explicitly calls it "Appcompat", the name Windows uses for the application compatibility system (e.g. AppCompatFlags, compatibility shims, sysmain.sdb database). It's not well-documented, but I think if it were another kind of "compatibility", it would not be labeled as "AppCompat" explicitly.
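
A read-only way to check what this checkbox is actually set to on a machine, as an added example that is not part of the reply above and not Microsoft's code. It assumes the key follows the usual layout of entries under AdvancedOptions, where values named HKeyRoot, RegPath, ValueName, CheckedValue, UncheckedValue and DefaultValue point at the real backing value; those value names are not from the post, and the function name is hypothetical.

```powershell
# Added example: resolve the Internet Properties checkbox to its backing registry value.
# Only the descriptor path below comes from the thread; the value names read from it
# (HKeyRoot, RegPath, ValueName, CheckedValue, ...) are an assumed layout.
$descriptor = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\LegacyTLSAppcompat'

function Get-AdvancedOptionState {
    param([Parameter(Mandatory)][string]$DescriptorPath)

    if (-not (Test-Path -LiteralPath $DescriptorPath)) {
        return [pscustomobject]@{ Descriptor = $DescriptorPath; State = 'descriptor key not present' }
    }
    $d     = Get-ItemProperty -LiteralPath $DescriptorPath
    $names = $d.PSObject.Properties.Name

    # Without RegPath/ValueName the layout assumption does not hold: report what is there.
    if (-not (($names -contains 'RegPath') -and ($names -contains 'ValueName'))) {
        return [pscustomobject]@{
            Descriptor = $DescriptorPath
            State      = 'unexpected layout'
            Values     = ($names | Where-Object { $_ -notlike 'PS*' }) -join ', '
        }
    }

    # DWORDs above 0x7FFFFFFF come back as negative Int32, so compare the hex form.
    $hive = switch ('{0:X8}' -f [int]$d.HKeyRoot) {
        '80000001' { 'HKCU:' }   # HKEY_CURRENT_USER
        '80000002' { 'HKLM:' }   # HKEY_LOCAL_MACHINE
        default    { $null }
    }
    if (-not $hive) {
        return [pscustomobject]@{ Descriptor = $DescriptorPath; State = 'unknown HKeyRoot' }
    }

    $backing = Join-Path $hive $d.RegPath
    $current = (Get-ItemProperty -LiteralPath $backing -Name $d.ValueName `
                    -ErrorAction SilentlyContinue).($d.ValueName)

    # Exact comparison only; a bitmask-style option would show up as 'other'.
    $state = if     ($null -eq $current)             { 'not set (default applies)' }
             elseif ($current -eq $d.CheckedValue)   { 'checked' }
             elseif ($current -eq $d.UncheckedValue) { 'unchecked' }
             else                                    { 'other' }

    [pscustomobject]@{
        BackingKey = $backing;  ValueName = $d.ValueName;  Current = $current
        Checked    = $d.CheckedValue;  Unchecked = $d.UncheckedValue
        Default    = $d.DefaultValue;  State = $state
    }
}

Get-AdvancedOptionState -DescriptorPath $descriptor | Format-List
```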