Microsoft has confirmed that it will be formally disabling TLS (Transport Layer Security) versions 1.0 and 1.1 very soon on Windows. In a blog post titled “TLS 1.0 and TLS 1.1 soon to be disabled in Windows”, Jessica Krynitsky, a Program Manager at Microsoft, explains that the company has been tracking the usage of TLS for several years. The deprecation is intended to make future Windows versions, like Windows 11 version 23H2, Windows 12, and beyond, more secure, as TLS 1.0 and 1.1 have shown vulnerabilities over the years. That is to be expected, as they have been around since 1999 and 2006, respectively. Notably, Windows has supported TLS 1.2 on the client side since Windows 8, while Windows 11 supports TLS version 1.3.
“Over the past several years, internet standards and regulatory bodies have deprecated or disallowed TLS versions 1.0 and 1.1, due to a variety of security issues. We have been tracking TLS protocol usage for several years and believe TLS 1.0 and TLS 1.1 usage data are low enough to act. To increase the security posture of Windows customers and encourage modern protocol adoption, TLS versions 1.0 and 1.1 will soon be disabled by default in the operating system, starting with Windows 11 Insider Preview builds in September 2023 and future Windows OS releases.”
In the past, Microsoft has disabled TLS versions 1.0 and 1.1 in Edge as well as in Internet Explorer. Others, like Mozilla, have done the same.
And in the context of Windows itself, Microsoft has been making many changes under the hood to make the OS more secure. Earlier this year, the tech giant announced the deprecation of MSDT, followed by the removal of VBScript and the addition of Rust to the Windows kernel. Last month, the company hinted at more such changes, perhaps even suggesting that more TPM-like chip security features may be planned.