Microsoft to Disable TLS 1.0 and 1.1 Support By Default on Windows 11

Windows 11 approved hero 1

Microsoft announced yesterday that it will soon deprecate Transport Layer Security (TLS) versions 1.0 and 1.1 on Windows 11. The company plans to drop support for the encryption protocols by default on the latest Windows 11 Insider Preview Builds in September.

TLS is a cryptographic protocol that’s designed to provide communication security over a computer network. It enables customers to ensure the privacy, integrity, and authenticity of data exchanged between client and server systems. TLS allows encrypted transmission of sensitive data and prevents tampering by threat actors.

Microsoft had previously killed off TLS 1.0 and 1.1 support from its Microsoft Edge and Internet Explorer 11 browsers in 2020. Now, the company is ready to pull the plug on the legacy security standards in Windows 11. Microsoft says this change is part of its broader strategy to make the operating system more secure.

“Over the past several years, internet standards and regulatory bodies have deprecated or disallowed TLS versions 1.0 and 1.1, due to a variety of security issues. We have been tracking TLS protocol usage for several years and believe TLS 1.0 and TLS 1.1 usage data are low enough to act,“ explained Jessica Krynitsky, Program Manager at Microsoft.

Microsoft to remove TLS 1.0 and 1.1 support in future versions of Windows

Ultimately, Microsoft plans to go even further and remove TLS 1.0 and 1.1 support from all future versions of the operating system. “To increase the security posture of Windows customers and encourage modern protocol adoption, TLS versions 1.0 and 1.1 will soon be disabled by default in the operating system, starting with Windows 11 Insider Preview builds in September 2023 and future Windows OS releases,” Krynitsky added.

Microsoft explained that customers will still be able to re-enable TLS versions 1.0 and 1.1 with a registry setting. However, it should be a temporary solution until the incompatible apps are updated or replaced on Windows PCs. Microsoft recommends switching to TLS 1.2 or higher before the outdated protocols are removed completely from the OS.