The Transport Layer Security (TLS) protocol is widely used to secure and encrypt Internet communications, including email, instant messaging platforms, VoIP, and HTTPS web traffic. The earliest TLS specifications were introduced in 1999 and are now considered insecure by modern standards.
Microsoft is alerting users and system administrators that Windows will soon drop support for older TLS specifications. TLS 1.0 and TLS 1.1 will be deactivated in upcoming versions of Windows, as announced in Windows Message Center. According to Redmond, the change applies only to future versions of Windows and newer Windows 11 versions, across both client and server editions; current Windows versions remain unaffected.
TLS is the predominant protocol for establishing an encrypted channel for internet communication. However, TLS versions 1.0 and 1.1 have been rejected by internet standards and regulators in recent years. In a post from early August, Jess Krynitsky from Microsoft highlighted that these TLS versions have several security vulnerabilities.
TLS 1.0 (introduced in 1999) and TLS 1.1 (introduced in 2006) have long been surpassed by TLS 1.2 and 1.3. The TLS implementations of modern Internet software are designed to connect using the highest protocol version available. The data shows that TLS 1.0 and 1.1 usage is currently relatively low. Microsoft is obviously striving to increase the security of the Windows platform by encouraging the adoption of modern protocols.
Consequently, starting with the Windows 11 Insider Preview builds scheduled for release in September 2023, TLS versions 1.0 and 1.1 will be disabled by default. This change will also be seen in Windows 12 and subsequent versions. Microsoft has conducted TLS elimination tests and has identified a “non-exhaustive” list of applications that depend on TLS 1.0 or 1.1. This list includes older versions of SQL Server, TurboTax, BlueStacks, and ACDSee Photo Studio, among others.
Microsoft clarified that most modern applications support TLS 1.2 or higher versions, so the majority of users shouldn’t have any problems. However, should an application experience problems, upcoming updates for Windows 11 and Windows 12 will provide an option to re-enable the older protocols by modifying the system registry.
However, Microsoft cautions that restoring TLS 1.0 or TLS 1.1 via the registry should only be a “last resort,” that is, a temporary fix until the affected applications are updated or replaced. The company also warns that older TLS versions may be permanently removed in future releases.
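To find out which endpoints in an environment still negotiate TLS 1.0 or 1.1 before the default changes, the version a server selects can be read from its ServerHello in captured traffic. The following is an added example, not Microsoft's code or anything from the announcement; it goes beyond the article by also handling TLS 1.3, which reports its real version in the `supported_versions` extension. The function names, hostnames and sample records are constructed for illustration.

```python
import struct

NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
LEGACY = {0x0301, 0x0302}       # the wire codes of the versions being disabled
EXT_SUPPORTED_VERSIONS = 43     # TLS 1.3 carries the selected version here

def negotiated_version(record: bytes) -> int:
    """Return the version code selected by a single-record ServerHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a ServerHello handshake record")
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if len(hello) != hs_len or hs_len < 38 or hs_len < 38 + hello[34]:
        raise ValueError("truncated ServerHello")
    version = int.from_bytes(hello[0:2], "big")
    pos = 38 + hello[34]  # version(2) random(32) session_id(1+n) cipher(2) compression(1)
    if pos + 2 > len(hello):
        return version    # no extensions block: the legacy field is authoritative
    end = min(len(hello), pos + 2 + int.from_bytes(hello[pos:pos + 2], "big"))
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
        if ext_type == EXT_SUPPORTED_VERSIONS and ext_len == 2 and pos + 6 <= end:
            return int.from_bytes(hello[pos + 4:pos + 6], "big")
        pos += 4 + ext_len
    return version

def legacy_endpoints(observed: dict) -> dict:
    """Map each endpoint whose ServerHello selected TLS 1.0/1.1 to the version name."""
    versions = {ep: negotiated_version(rec) for ep, rec in observed.items()}
    return {ep: NAMES[v] for ep, v in versions.items() if v in LEGACY}

def sample_server_hello(legacy_version: int, selected=None) -> bytes:
    """Constructed test record: zero random, empty session id, arbitrary cipher suite."""
    hello = struct.pack("!H", legacy_version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    if selected is not None:
        ext = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, selected)
        hello += struct.pack("!H", len(ext)) + ext
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake

# Constructed observations (hostnames are placeholders, not from the article).
OBSERVED = {"db.example.internal:1433": sample_server_hello(0x0301),
            "mail.example.internal:993": sample_server_hello(0x0302),
            "api.example.internal:443": sample_server_hello(0x0303, 0x0304)}

if __name__ == "__main__":
    print(legacy_endpoints(OBSERVED))
```

Endpoints that appear in the result are the ones whose clients or servers need updating before legacy TLS is disabled by default.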