Windows: Microsoft reminds of coming TLS 1.0/1.1 deactivation

It's a topic that has been addressed several times here on the blog: the days of using the TLS 1.0 and TLS 1.1 protocols to communicate with servers are coming to an end. The protocols are no longer considered secure and should no longer be used. On September 1, 2023, Microsoft again took the opportunity to inform administrators that the two protocols will be disabled under Windows "in the near future", "in upcoming operating system versions".



I had already pointed out at the weekend, in the article "Deprecated Windows features: WordPad to disappear from Windows after 28 years", that besides WordPad the TLS 1.0/1.1 transport encryption had also been classified as "obsolete" by Microsoft.

It has been known since August 1, 2023 that TLS versions 1.0 and 1.1 would be retired. Microsoft will start turning off support for transport encryption with TLS 1.0 and 1.1 in the Schannel protocol in September 2023 with the Windows 11 Insider builds. I had already reported on this in a timely manner in the blog post "Windows: Microsoft intends to disable TLS 1.0 and 1.1 soon by default in Schannel protocol".

Transport Layer Security (TLS)

Transport Layer Security (TLS) is the most common Internet protocol for establishing an encrypted communication channel between a client and a server. For historical reasons, however, there are several versions: TLS 1.0, TLS 1.1, TLS 1.2 and TLS 1.3. The problem now is the deprecated versions TLS 1.0 and TLS 1.1.

TLS 1.0/1.1 are outdated

The old protocol TLS 1.0 dates back to 1999, and is no longer considered secure, as several security holes have been found in this protocol version over time. The "newer" TLS 1.1 was released in 2006 and brought some security improvements. However, TLS 1.1 never achieved widespread acceptance. TLS 1.2 and TLS 1.3 have since been introduced and are in wide use. TLS implementations attempt to negotiate connections with the highest protocol version available. But there are fallback mechanisms if the communication partners do not support a protocol.

Over the past few years, Internet standards and regulatory agencies have deemed TLS versions 1.0 and 1.1 obsolete or disallowed due to a number of security issues. Now it's time to phase out the old protocols.



Microsoft's next reminder

As of September 1, 2023, Microsoft has posted the entry "TLS 1.0 and TLS 1.1 will be disabled in future Windows OSes" in the Message Center on the Windows Release Health page. Here are the key points:

  • Microsoft will disable TLS versions 1.0 and 1.1 by default in future versions of Windows. This change applies only to future new Windows operating systems, both client and server editions.
  • Windows versions that have already been released are not affected by this change.
  • In Windows 11 Insider Preview builds released in September 2023, TLS versions 1.0 and 1.1 will be disabled by default.

Microsoft does not expect home users to experience any issues from this change. In enterprises, administrators will need to test whether any communication links may be causing problems. I had pointed out in the blog post https://borncity.com/win/2023/08/07/tls-1-0-1-1-disablement-enable-schannel-event-logging-for-monitoring/ how to enable Schannel event logging for monitoring in Windows. In case of problems, administrators have the option to re-enable TLS 1.0 or TLS 1.1 to ensure compatibility. Microsoft has published this Techcommunity article with more information about this.

