Windows 10 KB5020435 Update addresses TLS and SSL handshake failure

New out-of-band update KB5020435 for Windows 10 21H2, 21H1, and 20H2 changes, bug fixes, direct download links, and the ways to install.


Transport Layer Security (TLS) and Secure Sockets Layer (SSL) Settings are currently creating handshake failure problems for some users. To fix these, Windows updates are being rolled out to different Windows versions. One of them is KB5020435 which arrived as out-of-band update to Windows 10 21H2, 21H1, and 20H2.

Full name of this patch is “2022-10 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5020435)”. The release increases the versions to Windows 10 19044.2132,19043.2132, and 19044.2132 for 21H2, 21H1, and 20H2 respectively. See – KB5018410 Windows 10 21H2, 21H1, 20H2 Update Rolled out. Now let’s look at what’s new in the release –

Out-of-band update KB5020435 changes bug fixes and known issues

Here is the changelog –

Improvements and bug fixes

We address an issue that might affect some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections. These connections might have handshake failures. For developers, the affected connections are likely to receive one or more records followed by a partial record with a size of fewer than 5 bytes within a single input buffer. If the connection fails, your app will receive the error, “SEC_E_ILLEGAL_MESSAGE”.

Known issues

Symptoms Workaround
A long-time prevailing issue is a failure to replace the Microsoft Edge browser legacy version with the modern Chromium version. This problem occurs on the computer which has Installed the version using custom ISO image media or custom offline media. However, the legacy version of the browser is removed successfully. This problem occurs only when the SSU dated 29/03/2021 isn’t installed and ISO images or custom offline media are created by slipstreaming this update.

Important: Computers that connect straightway to Windows Update are not affected. For example, Windows Update for Business.

If you want to avoid this issue you must install the most recent Servicing Stack update and LCU without any extra steps.

As a precautionary measure to not get this problem, first of all, slipstream the Servicing Stack update dated 29/03/2021 or later into ISO image or custom offline media before slipstreaming the Cumulative Update. For the same, with the combined LCU and SSU packages used for Windows 10v20H2 and v2004, you will need to unpack the Servicing Stack update from the combined package. Use the underneath steps to extract the with respect to the current cumulative update:

Unpack the cab from the msuthrough this command line (using the package for KB5020435 as an example): expand Windows10.0- KB5020435-x64.msu / <destination path>

Extract the SSU from the previously extracted cab via this command line: expand Windows10.0- /f:* <destination path>

You will then have the SSU cab, in this example named So, keep in mind to Slipstream this file into your offline image first, then the cumulative update.

Some Windows computers might have problems audio not working. Some of them might have no audio, But where others might only have Problems with certain ports, audio peripherals, or only within certain apps. Disabled Audio enhancements settings are culprits in most devices. This problem can be mitigated disparately based on your symptoms. Kindly have a look at the known issue on the page – Windows release health.

The audio problem can be addressed via a Known Issue Rollback aka KIR). This will prevent the issue from occurring on Windows computers that have not installed KB5015878 but will have no effect on devices already affected by this known issue. Keep in mind that it might consume a maximum of 24 hours for the KIR to propagate automatically.

This is the same for both non-managed business devices and consumer devices. For faster propagation, you can restart your device. Enterprise-managed users can address it by installing and setting up a special Group Policy. The special Group Policy is located at Computer Configuration => Administrative Templates => <Group Policy name listed below>. For information about deploying and configuring these special Group Policies, see How to use Group Policy to deploy a Known Issue Rollback.

Group Policy downloads with Group Policy name:

§  Download for Windows 10, version 21H2, Windows 10, version 21H2, Windows 10, version 20H2 – KB5015878 220706_045043 Known Issue Rollback

Remarkable: You must install and set up the Group Policy for your version of Windows to resolve this issue.

How to download KB5020435 on Windows 11 21H2, 21H1, and 20H2 and install

Note: To update to Windows 10 21H2 download Enablement KB KB5003791 and install it.

In the same way, use Enablement KB KB5000736 to update to Windows 10 21H1.

And at last download and install Enablemement KB KB4562830 to update to the supported editions of Windows 10 20H2.

Now make sure that you have installed servicing stack update 19044.1940, 19043.1940, or 19042.1940 on  Windows 10 21H2, 21H1, and 20H2 respectively. Once determined, move forward with the below steps to install the Out-of-band update October 2022 –

1] Via Windows update

  1. Click on Search from the taskbar and type Updates.
  2. Hit enter.
  3. Click on Check for updates.
  4. The system will immediately start scanning for the patch.
  5. Once found, the cumulative update will be downloaded.
  6. Finally, you will come across a dialog, in the end, asking when you want to install the patch. Click on Restart now.

2] Using the Manual method

  1. Go to KB5020435 direct download link.
  2. When reached the Microsoft update catalog website, find the file supporting your device.
  3. Click on Download.
  4. An isolated page will prompt; select the link lying there.
  5. Once the Standalone file of the patch is downloaded, come back to your desktop.
  6. Double-click on the .MSU file from Downloads location.
  7. Confirm the process by selecting Yes
  8. In a while, the update will be installed.

Read – How to Download and Install Update from Microsoft update catalog on Windows 11/10.

Source – Release note.

That’s all!!

Sharing is caring    Share Whatsapp

Topics:  Windows update
About Sunita
Love to play with Windows 11 and 10. Suggestion - Going for Registry change or system files edit then remember to take a backup or create a restore point before Starting.