Microsoft Phases Out Support for Older Versions of TLS in Windows

Microsoft Plans to Disable Older Versions of TLS in Future Windows Releases

The Transport Layer Security (TLS) protocol, widely utilized for securing and encrypting various Internet communications, is undergoing a significant change. Microsoft recently announced its decision to phase out support for older versions of the TLS specification in upcoming Windows releases.

TLS 1.0 and TLS 1.1, introduced in 1999 and 2006 respectively, are now deemed insecure by modern standards. To address this, newer Windows 11 builds and subsequent versions will disable these outdated TLS versions to improve the security of the Windows platform.

Why the Change?

Over the years, TLS versions 1.0 and 1.1 have gradually become obsolete as Internet standards and governing bodies favor newer iterations. In a detailed article, Microsoft’s Jess Krynitsky shed light on multiple security vulnerabilities associated with these outdated TLS versions.

Despite their historical significance, TLS 1.0 and 1.1 have fallen behind in terms of performance when compared to the newer TLS 1.2 and 1.3. As a result, contemporary implementations of internet software primarily utilize the latest protocol versions available.

It’s worth noting that the current usage of TLS 1.0 and 1.1 remains relatively low, prompting Microsoft to prioritize the adoption of modern protocols to bolster the security of the Windows ecosystem.

Implementation Timeline

Commencing with the Windows 11 Insider Preview build scheduled for September 2023, TLS versions 1.0 and 1.1 will be disabled by default. This change will extend to Windows 12 and subsequent iterations. Microsoft has diligently tested the impact of TLS deprecation and compiled a “non-exhaustive” list of applications reliant on TLS 1.0 or 1.1.

The applications affected by this change include older versions of SQL Server, Turbo Tax, BlueStacks, ACDSee Photo Studio, and more. However, Microsoft reassures users that most modern apps are compatible with TLS 1.2 or higher, minimizing the likelihood of encountering issues.

For those users who do experience compatibility problems, upcoming updates for Windows 11 and Windows 12 will feature an option to re-enable the older protocols by modifying the system registry.

Restoration as a Last Resort

Microsoft advises caution when resorting to restoring TLS 1.0 or 1.1 through the registry, emphasizing its use as a “last resort” and a temporary fix until affected applications can be updated or replaced. Furthermore, the company warns that future releases may permanently remove support for previous TLS versions.

By taking these measures, Microsoft aims to ensure the highest standards of security by promoting the adoption of state-of-the-art TLS protocols, cementing its dedication to safeguarding Internet communications within the Windows environment.

The Transport Layer Security (TLS) protocol is widely used to secure and encrypt Internet communications, including email, instant messaging platforms, VoIP and HTTPS web traffic. The original TLS specification was introduced in 1999 and is now considered insecure by modern standards.

Microsoft reminds users and system administrators that Windows is phasing out support for older versions of the TLS specification. As announced in the Windows Message Center, TLS 1.0 and TLS 1.1 will be disabled in an upcoming Windows release. Redmond said the change will only apply to future Windows releases and newer Windows 11 builds. It applies to both client and server versions, but current versions of Windows will not be affected.

TLS is the primary protocol used to establish encrypted tunnels for Internet communications. But in recent years, TLS versions 1.0 and 1.1 have been phased out by Internet standards and governing bodies. In an article in early August, Microsoft’s Jess Krynitsky pointed out a number of security vulnerabilities in these TLS versions.

TLS 1.0 (introduced in 1999) and TLS 1.1 (introduced in 2006) have long been surpassed by TLS 1.2 and 1.3 in performance. TLS implementations of modern Internet software are designed to attempt connections using the highest protocol version available. Statistics show that the current use of TLS 1.0 and 1.1 is relatively low. Clearly, Microsoft is working hard to improve the security of the Windows platform by promoting the adoption of modern protocols.

Therefore, starting with the Windows 11 Insider Preview build scheduled for September 2023, TLS versions 1.0 and 1.1 will be disabled by default. This change will also appear in Windows 12 and subsequent versions. Microsoft has tested TLS deprecation and has identified a “non-exhaustive” list of applications that rely on TLS 1.0 or 1.1. This list includes older versions of SQL Server, Turbo Tax, BlueStacks, and ACDSee Photo Studio, among others.
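An added example (not from Microsoft or the original article): one way to find applications that still depend on TLS 1.0 or 1.1 before the default changes is to read the version the server selects in captured ServerHello records. The parser follows the standard TLS record layout; the flow names and sample records are constructed for illustration.

```python
import struct

LEGACY = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1"}  # versions being disabled by default

def negotiated_version(record: bytes) -> int:
    """Return the protocol version a server selected in a raw ServerHello record."""
    if len(record) < 44 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(body) < 39 or body[0] != 0x02:
        raise ValueError("not a complete ServerHello")
    version = struct.unpack("!H", body[4:6])[0]
    pos = 4 + 2 + 32              # handshake header, version, random
    pos += 1 + body[pos]          # session_id length byte plus session_id
    pos += 2 + 1                  # cipher suite, compression method
    if pos + 2 > len(body):
        return version            # no extensions block (common on old servers)
    end = min(pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0], len(body))
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        # TLS 1.3 keeps 0x0303 in the version field and signals the real
        # version in the supported_versions extension (type 0x002B).
        if ext_type == 0x002B and ext_len == 2 and pos + 6 <= end:
            return struct.unpack("!H", body[pos + 4:pos + 6])[0]
        pos += 4 + ext_len
    return version

def build_server_hello(version: int, tls13: bool = False) -> bytes:
    """Construct a minimal ServerHello record (sample data, not a real capture)."""
    ext = struct.pack("!HHH", 0x002B, 2, 0x0304) if tls13 else b""
    suite = b"\x13\x01" if tls13 else b"\x00\x2f"
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + suite + b"\x00"
    hello += struct.pack("!H", len(ext)) + ext
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake

def audit(flows: dict) -> list:
    """Return the names of flows whose server selected TLS 1.0 or TLS 1.1."""
    return sorted(n for n, rec in flows.items() if negotiated_version(rec) in LEGACY)

# Constructed sample flows keyed by hypothetical server names.
SAMPLE_FLOWS = {
    "old-sql.example": build_server_hello(0x0301),
    "kiosk-app.example": build_server_hello(0x0302),
    "intranet.example": build_server_hello(0x0303),
    "portal.example": build_server_hello(0x0303, tls13=True),
}
print(audit(SAMPLE_FLOWS))
```
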

Microsoft explained that most modern apps support TLS 1.2 or higher, so most users shouldn’t experience problems. However, if an app runs into issues, the upcoming Windows 11 and Windows 12 updates will provide an option to re-enable the old protocols by modifying the system registry.

However, Microsoft warns that restoring TLS 1.0 or TLS 1.1 through the registry should only be used as a “last resort” and only as a temporary fix until the affected applications are updated or replaced. The company also warned that previous versions of TLS could be permanently removed in a future release.
