Microsoft Ending TLS 1.0 and TLS 1.1 in Windows

Future Windows releases will no longer support the Transport Layer Security (TLS) 1.0 and TLS 1.1 security protocols, Microsoft announced on Tuesday.

Those two protocols will be disabled by default in all future Windows operating system releases. Microsoft will start by disabling them in its Windows 11 preview builds, which are getting released sometime in September.

Here's how the announcement characterized the approach:

To increase the security posture of Windows customers and encourage modern protocol adoption, TLS versions 1.0 and 1.1 will soon be disabled by default in the operating system, starting with Windows 11 Insider Preview builds in September 2023 and future Windows OS releases. There is an option to re-enable TLS 1.0 or TLS 1.1 for users who need to maintain compatibility.

Older TLS Protocols
The TLS protocol is used to secure client and server traffic during Internet connections. The use of TLS 1.2 or TLS 1.3 is deemed acceptable, but older versions aren't secure.

TLS 1.0 dates from 1999, while TLS 1.1 was published in 2006. These older protocols are subject to "passive decryption" methods and "man-in-the-middle" attacks, according to the U.S. National Security Agency, which issued an advisory to block them back in 2021. Organizations should move to TLS 1.2 or 1.3 "as soon as possible," the spy agency advised, and they should also check for the use of "obsolete cipher suites," which should be blocked as well.

Browser makers have long dropped support for TLS 1.0 and TLS 1.1. Client support was dropped for Microsoft 365 and Exchange Online. However, Microsoft's past TLS 1.0 and TLS 1.1 end-of-support goals have not always met their target dates, as illustrated in this 2020 Redmond article.

Microsoft now is ending support for the two older TLS protocols in Windows because their use is low.

"We have been tracking TLS protocol usage for several years and believe TLS 1.0 and TLS 1.1 usage data are low enough to act," the announcement indicated.

Solving the Problem
Blocking the use of the older TLS 1.0 and TLS 1.1 protocols may sound simple, but applications may have been "hardcoded" to use them. Organizations need to do a lot of checking for older protocol use, as well as testing their current applications when using TLS 1.2.

Microsoft's announcement listed some "top Windows applications" that it found were affected by disabling Windows support for TLS 1.0 and TLS 1.1. The "known issues" list included applications such as Safari version 5.1.7, SQL 2012, 2014 and 2016, SQL Server 2014 and SQL Server 2016, Turbo Tax 2018 and lower versions, and many more.

The announcement included roll-up-your-sleeves advice for developers and IT pros to ensure that things will work when the legacy protocols are disabled in Windows. Sometimes the problem gets resolved by just installing a newer application. Microsoft's general advice, though, is quite complex. The vicissitudes are outlined in this 2022-dated "Solving the TLS 1.0 Problem, 2nd Edition" document.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
