Microsoft Windows上的DisabledByDefault和Enabled SSL / TLS注

因此,Enabled控制您可以在此处启用的协议,而DisabledByDefault指定在省略此字段时是否启用协议(即将其保留为0).

> Managing SSL/TLS Protocols and Cipher Suites for AD FS | Microsoft Docs文章建议将禁用协议的DisabledByDefault设置为1,此外还要将Enabled设置为0.因此,如果忽略此字段,则无条件地使用DisabledByDefault自动生成该字段的值.

该字段的注释表示不建议在新代码中使用它.所以这两个注册表值几乎是多余的：

For new development,applications should set grbitEnabledProtocols to
zero and use the protocol versions enabled on the system by default.

This member is used only by the Microsoft Unified Security Protocol
Provider security package.

The global system registry settings take precedence over this value.
For example,if SSL3 is disabled in the registry,it cannot be enabled
using this member.

目前还不清楚如果您尝试使用未启用的协议会发生什么.从最后一段和a lack of any relevant AcquireCredentialsHandle error code for this case来看,我的猜测是它可能被忽略了.