Microsoft to disable TLS 1.0 and 1.1 in Windows OS for enhanced security

Devesh Beri

Microsoft announced that Transport Layer Security (TLS) versions 1.0 and 1.1 will soon be disabled by default in Windows operating systems. Microsoft last discussed this deprecation in 2020. TLS is a widely used internet protocol that establishes encrypted communication between clients and servers.

Since their introduction in 1999 and 2006 respectively, security weaknesses have been identified in TLS 1.0 and 1.1 over time. The more recent versions, TLS 1.2 and TLS 1.3, offer improved security and are now widely adopted.

To enhance the security of Windows users and promote modern protocol adoption, TLS 1.0 and 1.1 will be disabled in Windows 11 Insider Preview builds starting September 2023 and in future Windows OS releases. This move aligns with internet standards and regulatory bodies that have deprecated or disallowed these older versions due to security concerns.

Users may encounter issues with applications that still rely on TLS 1.0 or 1.1, but most newer applications support TLS 1.2 or higher. Microsoft 365 products and other APIs have already disabled TLS 1.0 and 1.1.

For organizations that need to maintain compatibility, there will be an option to re-enable these legacy versions using a system registry setting. However, this should only be a temporary solution until incompatible applications can be updated or replaced.
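An added example, not part of the article: a PowerShell audit that a Windows administrator could run to see whether the legacy-protocol override mentioned above is in effect on a host. It assumes the override corresponds to the well-known `Enabled` / `DisabledByDefault` values under the Schannel `Protocols` registry key, which the article does not name, and reports the state of TLS 1.0 and 1.1 for both the client and server side.

```powershell
# Audit Schannel registry overrides for TLS 1.0 / 1.1 (added example, not Microsoft's code).
# Assumption: the override uses the Enabled / DisabledByDefault DWORDs under this key.
$SchannelProtocols = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-LegacyTlsState {
    param([string[]]$Protocols = @('TLS 1.0', 'TLS 1.1'))

    foreach ($proto in $Protocols) {
        foreach ($side in 'Client', 'Server') {
            $key = Join-Path $SchannelProtocols "$proto\$side"
            $enabled = $null
            $disabledByDefault = $null

            if (Test-Path $key) {
                $props = Get-ItemProperty -Path $key
                $enabled = $props.Enabled                 # $null when the value is absent
                $disabledByDefault = $props.DisabledByDefault
            }

            # Interpretation: no values present -> the OS default applies (disabled on new builds);
            # Enabled = 0 -> hard disabled; DisabledByDefault = 1 -> only apps that opt in may use it;
            # Enabled nonzero with no DisabledByDefault -> the temporary compatibility override.
            $state = if ($null -eq $enabled -and $null -eq $disabledByDefault) { 'OS default' }
                     elseif ($enabled -eq 0)                                   { 'Disabled by policy' }
                     elseif ($disabledByDefault -eq 1)                         { 'Disabled by default (opt-in only)' }
                     else                                                      { 'Explicitly enabled (legacy override)' }

            [pscustomobject]@{
                Protocol          = $proto
                Side              = $side
                Enabled           = $enabled
                DisabledByDefault = $disabledByDefault
                State             = $state
            }
        }
    }
}

# Print the table, then flag any row that still carries the override so it can be tracked for removal.
$results = Get-LegacyTlsState
$results | Format-Table -AutoSize
$overrides = $results | Where-Object { $_.State -eq 'Explicitly enabled (legacy override)' }
if ($overrides) {
    Write-Warning ("Legacy TLS override present: " + (($overrides | ForEach-Object { "$($_.Protocol)/$($_.Side)" }) -join ', '))
}
```

Run from an elevated prompt; reading the key needs no special rights, but any change you decide to make afterwards does.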

Developers using the Security Support Provider Interface (SSPI) directly should update their code to use SCH_CREDENTIALS instead of SCHANNEL_CRED to enable TLS 1.3 and later versions.

Microsoft has tested top Windows applications with this change and identified known issues with certain applications that still rely on TLS 1.0 and 1.1. Users of these applications are encouraged to seek alternatives or updates to ensure continued functionality.