Microsoft Ending TLS 1.0 and TLS 1.1 in Windows

Future Windows releases will no longer support the Transport Layer Security (TLS) 1.0 and TLS 1.1 security protocols, Microsoft announced on Tuesday.

Those two protocols will be disabled by default in all future Windows operating system releases. Microsoft will start by disabling them in Windows 11 preview builds that are getting released sometime in September.

Here's how the announcement characterized the approach:

To increase the security posture of Windows customers and encourage modern protocol adoption, TLS versions 1.0 and 1.1 will soon be disabled by default in the operating system, starting with Windows 11 Insider Preview builds in September 2023 and future Windows OS releases. There is an option to re-enable TLS 1.0 or TLS 1.1 for users who need to maintain compatibility.

Older TLS Protocols
The TLS protocol is used to secure client and server traffic during Internet connections. The use of TLS 1.2 or TLS 1.3 is deemed acceptable, but older versions aren't secure.

TLS 1.0 dates from 1999, while TLS 1.1 was published in 2006. These older protocols are subject to "passive decryption" methods and "man-in-the-middle" attacks, according to the U.S. National Security Agency, which issued an advisory to block them back in 2021. Organizations should move to TLS 1.2 or 1.3 "as soon as possible," the spy agency advised. They should also check for the use of "obsolete cipher suites," which should be blocked as well.

Browser makers have long dropped support for TLS 1.0 and TLS 1.1. Client support was dropped for Microsoft 365 and Exchange Online. However, Microsoft's past TLS 1.0 and TLS 1.1 end-of-support goals have not always met their target dates, as illustrated in this 2020 Redmond article.

Microsoft is now ending support for the two older TLS protocols in Windows because their use is low.

"We have been tracking TLS protocol usage for several years and believe TLS 1.0 and TLS 1.1 usage data are low enough to act," the announcement indicated.

Solving the Problem
Blocking the use of the older TLS 1.0 and TLS 1.1 protocols may sound simple, but applications may have been "hardcoded" to use them. Organizations need to do a lot of checking for older protocol use, as well as testing their current applications when using TLS 1.2.
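One way to do part of that checking is to look at which protocol version servers actually select in captured traffic. The Python sketch below is an added example, not code from Microsoft's announcement or from this article; it parses a raw ServerHello record and flags TLS 1.0 and TLS 1.1, and its function names and the constructed sample records are assumptions made for illustration.

```python
import struct
# Wire codes for protocol versions; the first three are the legacy ones.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
LEGACY = {0x0300, 0x0301, 0x0302}

def negotiated_version(record: bytes) -> int:
    """Return the version code a server selected, given one ServerHello record."""
    if len(record) < 5 or record[0] != 22:          # content type 22 = handshake
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(body) < 4 or body[0] != 2:               # handshake type 2 = ServerHello
        raise ValueError("not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hello[:2])[0]     # legacy_version field
    pos = 34                                        # skip version + 32-byte random
    pos += 1 + hello[pos] + 3       # session_id, then cipher suite + compression
    if pos + 2 > len(hello):
        return version                              # no extensions block
    end = min(pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0], len(hello))
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
        # TLS 1.3 keeps 0x0303 above; the real version is in extension type 43.
        if ext_type == 43 and ext_len == 2 and pos + 6 <= end:
            return struct.unpack("!H", hello[pos + 4:pos + 6])[0]
        pos += 4 + ext_len
    return version

def audit(record: bytes):
    """Return (protocol name, is_legacy) for one ServerHello record."""
    v = negotiated_version(record)
    return VERSIONS.get(v, hex(v)), v in LEGACY

def sample_server_hello(version: int, extensions: bytes = b"") -> bytes:
    """Build a constructed (not captured) ServerHello record for the demo."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    if extensions:
        hello += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", min(version, 0x0303), len(hs)) + hs

if __name__ == "__main__":
    tls13 = struct.pack("!HHH", 43, 2, 0x0304)      # supported_versions = TLS 1.3
    print([audit(sample_server_hello(v)) for v in (0x0301, 0x0302, 0x0303)])
    print(audit(sample_server_hello(0x0303, tls13)))
```

The supported_versions check matters because a TLS 1.3 ServerHello still carries 0x0303 in its legacy version field, so reading that field alone would report TLS 1.3 sessions as TLS 1.2.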

Microsoft's announcement listed some "top Windows applications" that it found were affected by disabling Windows support for TLS 1.0 and TLS 1.1. The "known issues" list included applications such as Safari version 5.1.7, SQL 2012, 2014 and 2016, SQL Server 2014 and SQL Server 2016, Turbo Tax 2018 and lower versions, and much more.

The announcement included roll-up-your-sleeves advice for developers and IT pros to ensure that things will work when the legacy protocols are disabled in Windows. Sometimes the problem gets resolved by just installing a newer application. Microsoft's general advice, though, is quite complex. The vicissitudes are outlined in this 2022-dated "Solving the TLS 1.0 Problem, 2nd Edition" document.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
