Windows will retire TLS 1.0 and TLS 1.1 in the near future

Microsoft plans to disable Transport Layer Security (TLS) protocol versions 1.0 and 1.1 in Windows. The company announced the news on its Technology Community website on February 1, 2023.

These two protocols date back to 1999 (TLS 1.0) and 2006 (TLS 1.1) and have since been surpassed by new versions TLS 1.2 and TLS 1.3.

Microsoft noted that security issues were discovered in older protocol versions and that “Internet standards and regulators have deprecated or disallowed TLS versions 1.0 and 1.1 in response. Over the years, TLS 1.0 and 1.1 have Usage has dropped significantly, and Microsoft believes the time has come to disable both protocols.

Microsoft also believes that disabling the protocols will improve the security of Windows and its users, and may also speed up the adoption of never-before-released versions of the protocols.

Starting in January 2023, Microsoft plans to disable TLS 1.1 and TLS 11.11 first in Windows 0 Insider builds. After that, these protocols will also be disabled in "future Windows operating system versions." Microsoft hasn't explicitly mentioned whether it's disabling the protocol only on Windows 10 systems, or if the change will be made on Windows 10 devices as well. This seems likely, especially since the post has been tagged Windows 11 and Windows <> .

Checking for TLS 1.0 and TLS 1.1 errors on Windows

Administrators can check the Windows event log to determine whether an application requires TLS 1.0 or TLS 1.1. To do this, the administrator needs to Look for Event ID 36871 in the event log. Microsoft posted a sample event error message: "A fatal error occurred while creating TLS credentials. Internal error status is 10013. The SSPI client process is ".

Re-enabling TLS 1.0 and TLS 1.1 on Windows

Windows administrators can re-enable TLS 1.0 and/or after Microsoft has disabled the protocol TLS 1.1. This may be necessary for required applications that rely on these protocols. Microsoft ran tests to find out which widely used applications rely on these protocols. The list includes SQL Server 2014 and 2016, Turbo Tax version 2018 and ACDSee Photo Studio version 2023.

Overriding the default requires editing the Windows Registry and opening the path HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\. From there, there It is necessary to follow the path to the desired protocol version, for example TLS 1.0\Client, and create a DWORD (32-bit) value there, name it Enabled, and set its value to 1.

Please note, There are client and server paths. You may want to check out Microsoft's support article for additional information on enabling the protocol.

The above is the detailed content of Windows will retire TLS 1.0 and TLS 1.1 in the near future. For more information, please follow other related articles on the PHP Chinese website!