Enable Schannel logging

To enable logging for Secure Channel logging (Schannel), use the following guide.

Add the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\EventLogging (REG_DWORD)

Set one of the following values:

0x0000 Do not log
0x0001 Log error messages
0x0002 Log warnings
0x0004 Log informational and success events

When troubleshooting I like to set it to 0x0007 (0x0001 + 0x0002 + 0x0004). Reboot your machine to start the logging process.

The data will end up in the “System” eventlog with the source name of “Schannel”. You would want to keep an eye out for event id 36880, indicating a succesful event. It would look something like:

A SSL client handshake completed successfully. The negotiated cryptographic parameters are as follows.

Protocol: TLS 1.2
CipherSuite: 0xc028
Exchange strength: 256

To translate the CipherSuite use the following site:

In the example above this would translate to: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384


TLS/SSL Settings


TLS/SSL Security Considerations


Cipher Suites in TLS/SSL (Schannel SSP)


Prioritizing Schannel Cipher Suites


How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll


Update to add new cipher suites to Internet Explorer and Microsoft Edge in Windows


IIS Crypto