In context: The Transport Layer Security (TLS) protocol is widely used to secure and encrypt internet communications, encompassing emails, instant messaging platforms, VoIP, and HTTPS web traffic. Introduced in 1999, the earliest TLS specifications are now deemed insecure by modern standards.
Microsoft is alerting users and system administrators that Windows will soon phase out support for older TLS specifications. TLS 1.0 and TLS 1.1 will be disabled in upcoming Windows releases, as announced in the Windows message center. This change is only for future versions of Windows and newer Windows 11 releases, as indicated by Redmond. It applies to both client and server editions, but current versions of Windows will remain unaffected.
TLS is the predominant protocol used to establish an encrypted channel for internet communication. However, TLS versions 1.0 and 1.1 have been deprecated by internet standards and regulatory bodies over recent years. In a post from early August, Microsoft’s Jess Krynitsky highlighted that these TLS versions possess several security vulnerabilities.
TLS 1.0 (introduced in 1999) and TLS 1.1 (introduced in 2006) have long been superseded by TLS 1.2 and 1.3. TLS implementations in modern internet software are engineered to attempt a connection using the highest available protocol version. Data indicates that usage of TLS 1.0 and 1.1 is currently relatively low. Microsoft is evidently striving to enhance the security of the Windows platform by promoting the adoption of contemporary protocols.
Consequently, starting with the Windows 11 Insider Preview builds set for release in September 2023, TLS versions 1.0 and 1.1 will be disabled by default. This change will also be seen in Windows 12 and subsequent versions. Microsoft has conducted tests on TLS deprecation and identified a “non-exhaustive” list of applications that are dependent on TLS 1.0 or 1.1. This list features older versions of SQL Server, Turbo Tax, BlueStacks, ACDSee Photo Studio, among others.
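To find out which connections would break once TLS 1.0 and 1.1 are off, an administrator can check the version a server actually settles on in its ServerHello message. The Python sketch below is an added example, not code from Microsoft or from the original article; it assumes each ServerHello fits in a single TLS record, and the sample records and endpoint names are constructed for illustration.

```python
import struct

# Protocol version codes as they appear on the wire.
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
LEGACY = {"TLS 1.0", "TLS 1.1"}  # the versions Windows is disabling
EXT_SUPPORTED_VERSIONS = 43      # carries the real choice in TLS 1.3

def negotiated_version(record: bytes) -> str:
    """Version selected in a ServerHello held in a single TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record starting with ServerHello")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[9:5 + rec_len]          # skip record + handshake headers
    if len(body) < 35:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                          # version + server random
    pos += 1 + body[pos]                  # session id
    pos += 3                              # cipher suite + compression
    if pos + 2 <= len(body):              # extensions are optional
        end = min(len(body), pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0])
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            if etype == EXT_SUPPORTED_VERSIONS and elen == 2 and pos + 6 <= end:
                version = struct.unpack("!H", body[pos + 4:pos + 6])[0]
            pos += 4 + elen
    return VERSIONS.get(version, f"unknown (0x{version:04x})")

def legacy_endpoints(captures: dict) -> list:
    """Names of captures whose server settled on TLS 1.0 or 1.1."""
    return sorted(n for n, r in captures.items() if negotiated_version(r) in LEGACY)

def build_server_hello(version: int, extensions: bytes = b"") -> bytes:
    """Construct a minimal ServerHello record (sample data, not a capture)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake

# Constructed samples; the endpoint names are hypothetical.
SAMPLES = {
    "old-db-client": build_server_hello(0x0301),
    "legacy-app": build_server_hello(0x0302),
    "intranet": build_server_hello(0x0303),
    "modern-site": build_server_hello(0x0303, struct.pack("!HHH", 43, 2, 0x0304)),
}
```

Note that a TLS 1.3 server still writes 0x0303 in the legacy version field, so the supported_versions extension has to be read to avoid misreporting it as TLS 1.2.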
Microsoft clarified that most contemporary applications support TLS 1.2 or higher versions, so the majority of users should face no issues. However, if an application does encounter problems, forthcoming updates for Windows 11 and Windows 12 will offer an option to reactivate the older protocols through a modification to the System Registry.
Microsoft cautions, though, that restoring TLS 1.0 or TLS 1.1 via the Registry should strictly be a “last resort” measure, meant to be a temporary fix until affected applications are updated or replaced. The company also warns that legacy TLS versions might be permanently removed in future releases.