The Schannel Registry Trap · 9 min
Windows TLS configuration is split across a registry tree, a per-process .NET override, and a runtime cache. Each layer reports the truth about itself and lies about the others. A short field note on how teams convince themselves a domain controller is hardened when it isn't.