Microsoft has informed users that it will soon disable support for the outdated and insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols in future Windows releases. TLS is a secure communication protocol designed to protect users from eavesdropping, tampering, and message forgery when transmitting and accessing information over the internet through client/server applications.
The original TLS 1.0, introduced in 1999, and its successor TLS 1.1, introduced in 2006, have been in use for almost two decades. After extensive discussions and the development of 28 protocol drafts, the Internet Engineering Task Force (IETF) approved TLS 1.3 as the next major version of the TLS protocol in March 2018.
Microsoft clarified that the changes regarding the disabling of TLS versions 1.0 and 1.1 will only affect future Windows operating systems, not those already released. Starting in September 2023, Windows 11 Insider Preview builds will disable TLS 1.0 and 1.1 by default, but users can re-enable them for compatibility. While this transition is expected to have minimal impact on home users, enterprise administrators are advised to test and update affected apps. Apps encountering issues will be logged in the Windows Event Log. Re-enabling insecure TLS should be a last resort, as Microsoft may eventually remove support for these versions.
Transitioning away from obsolete traffic encryption protocols
In August 2020, Microsoft enabled TLS 1.3 as the default option in Windows 10 Insider builds. Additionally, the NSA issued guidance in January 2021 on recognizing and replacing outdated TLS protocol versions and configurations with more secure alternatives.
The NSA emphasized that obsolete configurations can expose sensitive operational traffic to adversaries, who can employ various techniques like passive decryption and man-in-the-middle attacks to access and manipulate the data. Attackers can exploit outdated TLS protocol configurations with relative ease to gain access to sensitive information.
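As an added example (not part of Microsoft's or the NSA's material), the sketch below shows one way to recognize obsolete protocol versions in captured traffic: it reads the version a server selected from a ServerHello record and flags TLS 1.0 and 1.1. The function names and the sample records are constructed for illustration. The parser assumes the whole ServerHello sits in a single TLS record.

```python
import struct

# TLS version numbers as they appear on the wire.
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
OBSOLETE = {0x0301, 0x0302}
EXT_SUPPORTED_VERSIONS = 43  # carries the real version in a TLS 1.3 ServerHello


def negotiated_version(record: bytes) -> int:
    """Return the protocol version a server selected in its ServerHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 0x16 or len(body) != rlen or rlen < 4 or body[0] != 0x02:
        raise ValueError("not a complete ServerHello record")
    hlen = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hlen]
    if len(hello) != hlen or hlen < 38:
        raise ValueError("truncated ServerHello")
    version = int.from_bytes(hello[:2], "big")
    pos = 35 + hello[34] + 3      # version, random, session_id, suite, compression
    if pos > hlen:
        raise ValueError("truncated ServerHello")
    if pos + 2 <= hlen:           # extensions block present
        end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, hlen):
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            data = hello[pos + 4:pos + 4 + elen]
            if etype == EXT_SUPPORTED_VERSIONS and len(data) == 2:
                version = int.from_bytes(data, "big")
            pos += 4 + elen
    return version


def classify(record: bytes):
    """Return (version name, True if the version is TLS 1.0 or 1.1)."""
    v = negotiated_version(record)
    return VERSIONS.get(v, hex(v)), v in OBSOLETE


def sample_server_hello(version: int, extensions: bytes = b"") -> bytes:
    """Build a constructed ServerHello record (zero random, empty session id)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00\xc0\x2f\x00"
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(hs)) + hs
```

A TLS 1.3 server still writes 0x0303 in the legacy version field, which is why the parser reads the supported_versions extension before deciding.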