Microsoft is disabling TLS 1.0 and TLS 1.1 in Windows 11... and it will break some apps
Starting next month, Microsoft is making some significant changes relating to Transport Layer Security (TLS) in Windows 11.
This security protocol has been one of the more controversial system requirements for the operating system, and the company has revealed plans to disable older versions -- specifically TLS 1.0 and TLS 1.1 -- by default from September. Microsoft has already determined that this will cause problems for a fairly lengthy list of apps, including some of its own.
- Microsoft releases PowerToys v0.72.0 with new plugins and a massively reduced footprint
- Google has moved downloads to the toolbar in Chrome -- but you can resist change if you want
- Leaked: Microsoft's secret StagingTool utility for unlocking hidden features of Windows 11
In making the announcement, Microsoft explains that it has taken the decision because "several security weaknesses" have been identified in TLS 1.0 over the years. Additionally, the company points out that TLS 1.1 was never widely adopted, and that they have both been superseded by TLS 1.2 and TLS 1.3 anyway.
As is often the case with older technology, support for TLS 1.0 and TLS 1.1 has reduced in many fields, as Microsoft explains:
Over the past several years, internet standards and regulatory bodies have deprecated or disallowed TLS versions 1.0 and 1.1, due to a variety of security issues. We have been tracking TLS protocol usage for several years and believe TLS 1.0 and TLS 1.1 usage data are low enough to act.
The company goes on, saying that Windows 11 will have these protocols disabled soon:
To increase the security posture of Windows customers and encourage modern protocol adoption, TLS versions 1.0 and 1.1 will soon be disabled by default in the operating system, starting with Windows 11 Insider Preview builds in September 2023 and future Windows OS releases.
Acknowledging that numerous apps will be broken by the change, Microsoft points out that "there is an option to re-enable TLS 1.0 or TLS 1.1 for users who need to maintain compatibility". This involves editing the registry, and it's not something that Microsoft strongly recommends.
More than 20 titles have already been identified as being affected by the disabling of older versions of TLS (the full list can be seen here), and this is the reason for making it possible to re-enable them.
But even doing this is no guarantee of a problem-free future, as Microsoft warns:
Re-enabling TLS 1.0 or TLS 1.1 on machines should only be done as a last resort, and as a temporary solution until incompatible applications can be updated or replaced. Support for these legacy TLS versions may be removed completely in the future.
Full details are available in Microsoft's announcement here.