If you are adjusting the TLS/SSL/Cipher protocols on your system and need to determine what protocols are actually being used or required, here is an easy method to check.
Enable Schannel Logging (Windows TLS Provider)
- This logs TLS negotiation details to the Event Viewer.
- Registry path:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL
Add or set:
EventLogging = DWORD:00000007 (Default is 1)
Reboot the system.
Check: Event Viewer > System > Source: Schannel
Look for events that indicate cipher negotiation success or failure.
This should reveal the TLS connection and the Ciphersuite used, typically represented similar to 0x0030 (TLS_RSA_WITH_AES_256_CBC_SHA)
Here is a table for reference:
