The End of TLS 1.0 and 1.1 in All Future Windows Releases – What It Means for Security

Transport Layer Security (TLS) is a cryptographic protocol that provides secure communications over the internet. It encrypts connections between web servers and browsers to enable private data transmission via HTTPS. TLS is an essential part of internet security, allowing for secure web browsing, e-commerce transactions, banking, and more.

But like any technology, TLS has gone through various versions over the years:

  • TLS 1.0 was released in 1999 as an upgrade from SSL 2.0 and 3.0. It fixed many vulnerabilities in those protocols.
  • TLS 1.1 arrived in 2006 with additional security improvements and new features.
  • TLS 1.2 was released in 2008 and is the current standard – it contains major security enhancements over previous iterations.
  • TLS 1.3 came out in 2018 with performance optimizations and improved encryption.

Now, Microsoft has announced that future versions of Windows will no longer support the outdated TLS 1.0 and 1.1 protocols. Only TLS 1.2 and higher will be enabled.

Why is this happening?

The older TLS protocols have known weaknesses that make them susceptible to attacks. Dropping support allows an upgrade to more secure connections.

Specifically, TLS 1.0 and 1.1 have flaws like weak ciphers that can be exploited to decrypt traffic. Newer protocols use improved encryption algorithms that make snooping much harder. Disabling legacy versions forces services to adopt the latest standards if they want to be accessible in future versions of Windows.

On August 1, 2023, Microsoft announced that support for TLS 1.0 and 1.1 will be removed from future Windows releases.

This change has been on the horizon for a while. Microsoft had recommended that services move away from TLS 1.0 and 1.1 by the end of 2020, and it previously advised that systems be upgraded to use TLS 1.2 by Q2 2023 at the latest to avoid disruption when support is finally removed.

What you need to do next

While dropping TLS 1.0 and 1.1 improves security, it does require effort for services to migrate. But thankfully, modern web servers and most major websites already support TLS 1.2, so core internet services should have an easy transition. For organizations still using older internal systems, now is the time to upgrade and avoid headaches down the road.

Adopting the latest TLS protocols will ensure your services remain securely accessible to all users in the future. With threats growing more sophisticated, utilizing the most secure technologies has become a necessity. Moving forward, only connections leveraging TLS 1.2 or higher can promise strong protection for your data.

Have any questions about how to ensure your organization is utilizing TLS 1.2? Please reach out to one of our security experts at any time.
