Microsoft is reminding users that Windows will soon disable insecure TLS

Microsoft reminded users that the insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols will soon be disabled in future versions of Windows.

The TLS secure communication protocol is designed to protect users from eavesdropping, tampering, and forgery of messages while exchanging and accessing information over the Internet through client/server applications.

The original TLS 1.0 specification and its successor, TLS 1.1, have been in use for nearly two decades, with TLS 1.0 initially introduced. in 1999 and TLS 1.1 in 2006).

After extensive discussions and development of 28 draft protocols, in March 2018 the Internet Engineering Task Force (IETF) approved the next major version of the TLS protocol, TLS 1.3.

“This change applies only to future new Windows operating systems, both client and server editions. Windows versions already released will not be affected by this change,” Microsoft reminder customers on Friday.

“Windows 11 Insider Preview builds starting in September 2023 will have TLS 1.0 and 1.1 disabled by default. There is an option to re-enable TLS 1.0 or TLS 1.1 for users who need to maintain compatibility.”

The transition is expected to have a minimal impact on Windows home users, with limited expected issues. However, enterprise administrators are advised to run tests to identify any affected applications and to update or replace them later.

Applications that experience problems or fail after disabling legacy TLS versions will be flagged with event 36871 in the Windows event log.

Although the option to Re-enable insecure TLS Via the Windows Registry it will still be available, and this should only be done as a last resort so that incompatible applications can be updated or replaced.

It is also important to note that Microsoft has warned that support for these versions of TLS could face complete removal.

Move away from legacy traffic encryption protocols

This follows a joint statement from Microsoft, Google, Apple and Mozilla in October 2018, when they announced plans to begin phasing out insecure TLS protocols, with the process beginning during the first half of 2020.

As of August 2020, Microsoft has enabled TLS 1.3 by default on Windows 10 Insider builds.

The NSA also provided guidance in January 2021 on identifying and replacing outdated TLS protocol versions and configurations with modern, secure alternatives.

“Legacy configurations provide adversaries with access to sensitive operational traffic using a variety of techniques, such as passive decryption and traffic modification through man-in-the-middle attacks,” the NSA said.

“Attackers can exploit outdated Transport Layer Security (TLS) configurations to gain access to sensitive data with very few skills required.”