[openssl-users] TLS v1.1 and v1.2 support in windows XP

Jakob Bohm jb-openssl at wisemo.com
Mon Jan 2 10:17:01 UTC 2017

On 02/01/2017 08:32, shashank.a - wrote:
> Hi,
> Please educate me whether TLS v1.1,v1.2 can be supported in windows XP 
> or not.
As for TLS versions in programs that use OpenSSL, this does not
depend on the OS, only on the OpenSSL library version (and possibly
if the program has explicitly told OpenSSL to turn it off).

As for TLS versions in Windows XPs built in programs (such as Internet
Explorer, IIS, "Outlook express", the WinHttp library etc.), this may
depend on the service pack level, but I guess there is simply no support
for TLSv1.1 or later.

Thus OpenSSL based programs (on any OS) needing to talk to native XP
programs will probably have to keep TLSv1.0 (and even SSL 3.0 !) at
least partially enabled until other people stop using XP.

It would be really useful if somebody maintained a public databases of
the SSL/TLS support in various current and old systems, including some
recommended ways to cater to old systems without significantly
weakening security when talking to modern systems.

It can be quite difficult doing this on your own (I try), especially
as publishers of "best practice" configuration guides and tests
completely ignore this, often making draconian rules that won't work
for those needing backwards compatibility with systems that can't easily
be upgraded.


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list