Microsoft reminded users that insecure Transport Layer Security (TLS) 1.0 and 1.1 will soon be disabled in future Windows versions. TLS secure communication protocol is designed to protect users from eavesdropping, tampering, and falsification of messages when exchanging information through client/server applications and accessing this information over the Internet. The original TLS 1.0 specification and its successor TLS 1.1 have been around for nearly two decades; TLS 1.0 was first introduced in 1999 and TLS 1.1 in 2006).

After extensive discussions and the development of 28 draft protocols, the Internet Engineering Task Force (IETF) approved the next major version of the TLS protocol, TLS 1.3, in March 2018.

“This change only applies to future new Windows operating systems, both client and server versions. Microsoft reminded customers on Friday that this change will not affect previously released versions of Windows.

“Starting September 2023, TLS versions 1.0 and 1.1 will be disabled by default on Windows 11 Insider Preview builds. There is an option to re-enable TLS 1.0 or TLS 1.1 for users who need to maintain compatibility.”

The transition is expected to have minimal impact on Windows home users where expected issues are limited. However, it is recommended that enterprise administrators run tests to identify infected applications and then update or replace them.

Applications that have problems or crash after disabling older versions of TLS will be marked with event 36871 in the Windows event log.

While the option to re-enable insecure TLS via the Windows Registry still exists, this should only be done as a last resort until incompatible programs are updated or replaced. It’s also worth noting that Microsoft has warned that support for these versions of TLS may be removed entirely.

Denying outdated traffic encryption protocols

This is after Microsoft, Google, Apple and Mozilla announced in October 2018 that they plan to phase out insecure TLS protocols and start the process in the first half of 2020.

Microsoft was enabling TLS 1.3 by default in Windows 10 Insider builds until August 2020. The NSA also published guidance in January 2021 to identify and replace legacy versions and configurations of the TLS protocol with modern and secure alternatives.

“Legacy configurations give attackers access to sensitive operational traffic through a variety of techniques, such as passive decryption and traffic modification via man-in-the-middle attacks,” the NSA said.

“Attackers can use legacy Transport Layer Security (TLS) configurations to gain access to sensitive data with little skill.” Source