TLS 1.2 support and fix for RTOS bug released for WEC2013

Microsoft has published the Wave 4 October 2018 update for WEC2013. This update adds support for TLS 1.2 in WEC2013 (WEC7 already had support added for TLS 1.2 in an earlier update) and fixes the kernel handle table locking mechanism bug (as described in this blog post):

Kernel Handle Table Locking Mechanism Bugfix

181031_KB4466833 - Implemented Kernel Fast-Lock sync optimization for Windows Embedded Compact 2013.

Note that you have to set a FIXUPVAR to enable the fix. Add the following line to your config.bib file (MEMORY section) to include the fix for WEC2013:

kernel.dll:dwSyncFastLock 0 0x0001 FIXUPVAR

Unfortunately, the fix for this bug hasn't been released for WEC7. We're hoping Microsoft will publish an update containing the fix for WEC7 in the near future (the GuruCE i.MX6 BSP of course contains the fix for WEC7 as well).

Transport Layer Security

181031_KB4467918 - Transport Layer Security (TLS) 1.1 and TLS 1.2 support added to Windows Embedded Compact 2013.

TLS 1.1

The following subkey controls the use of TLS 1.1:

[HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

To disable the TLS 1.1 protocol, you must create the Enabled DWORD entry in the appropriate subkey, and then change the DWORD value to 0. To re-enable the protocol, change the DWORD value to 1. By default, this entry does not exist in the registry.

Note To enable and negotiate TLS 1.1, you must create the DisabledByDefault DWORD entry in the appropriate subkey (Client, Server), and then change the DWORD value to 0.

TLS 1.2

The following subkey controls the use of TLS 1.2:

[HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

To disable the TLS 1.2 protocol, you must create the Enabled DWORD entry in the appropriate subkey, and then change the DWORD value to 0. To re-enable the protocol, change the DWORD value to 1. By default, this entry does not exist in the registry.

Note To enable and negotiate TLS 1.2, you must create the DisabledByDefault DWORD entry in the appropriate subkey (Client, Server), and then change the DWORD value to 0.

Warning The DisabledByDefault value in the registry keys under the Protocols key does not take precedence over the grbitEnabledProtocols value that is defined in the SCHANNEL_CRED structure that contains the data for an Schannel credential.

Note: Per the Request for Comments (RFC), the design implementation does not allow SSL2 and TLS 1.2 to be enabled at the same time.

Download locations

If you have access to DPC (device partner center) with the right "Embedded" permissions then you can download the Wave 4 update for WEC2013 here: https://devicepartner.microsoft.com/en-us/assets/detail/x21-98917-img.

If you don't have access to DPC, get the Wave 4 update for WEC2013 here: https://www.microsoft.com/en-us/download/details.aspx?id=42027