
MC485581 – Recommendations for scenarios requiring Transport Layer Security (TLS) 1.1 and below (archived)


check before: 2022-12-29

Product:

Windows

Platform:

Developer, Windows Desktop, World tenant

Status:

Change type:

Admin impact

Links:

Details:

Beginning September 2022, Microsoft disabled Transport Layer Security (TLS) 1.0 and 1.1 by default for Internet Explorer and EdgeHTML. These versions of TLS are vulnerable to various attacks and are no longer considered secure. However, please note that Microsoft has not deprecated these versions of TLS - they are only disabled by default. Although Microsoft does not recommend enabling TLS 1.1 and below, organizations and home users have the option to turn TLS 1.1 and below back on through a variety of means.

Our documentation has been recently updated with details on managing TLS 1.1 and below. See KB5017811 - Manage Transport Layer Security (TLS) 1.0 and 1.1 after default behavior change on September 20, 2022.


When this will happen:


TLS 1.0 and 1.1 have been disabled by default since September 2022. Devices can re-enable these versions of TLS, or implement TLS fallback if necessary.

Created:
2022-12-15

updated:
2023-07-15



changes*

Date | Property | old | new
2023-07-15 | MC Messages | old: Beginning September 2022, Microsoft disabled Transport Layer Security (TLS) 1.0 and 1.1 by default for Internet Explorer and EdgeHTML. These versions of TLS are vulnerable to various attacks and are no longer considered secure. However, please note that Microsoft has not deprecated these versions of TLS - they are only disabled by default. Although Microsoft does not recommend enabling TLS 1.1 and below, organizations and home users have the option to turn TLS 1.1 and below back on through a variety of means.

Our documentation has been recently updated with details on managing TLS 1.1 and below. See KB5017811 - Manage Transport Layer Security (TLS) 1.0 and 1.1 after default behavior change on September 20, 2022.


When this will happen:


TLS 1.0 and 1.1 have been disabled by default since September 2022. Devices can re-enable these versions of TLS, or implement TLS fallback if necessary.
new: Beginning September 2022, Microsoft disabled Transport Layer Security (TLS) 1.0 and 1.1 by default for Internet Explorer and EdgeHTML. These versions of TLS are vulnerable to various attacks and are no longer considered secure. However, please note that Microsoft has not deprecated these versions of TLS - they are only disabled by default. Although Microsoft does not recommend enabling TLS 1.1 and below, organizations and home users have the option to turn TLS 1.1 and below back on through a variety of means.
2023-07-15 | MC How Affect | Plan for change: TLS 1.0 and TLS 1.1 soon to be disabled by default - original March 2020 announcement
2023-07-15 | MC prepare | If an application fails due to the new TLS default, please check if a newer version of the application is available before enabling TLS 1.1 and below. If one is not available, consider asking the app developer to make configuration changes in the app to remove dependency on these versions of TLS.


Organizations and home users have the option to turn TLS 1.1 and below back on through 2 means:


Internet Options: To open Internet Options, type Internet Options in the search box on the taskbar. You can also select Change settings from the dialog shown in Figure 1. On the Advanced tab, scroll down in the Settings panel. There you can enable or disable TLS protocols.


Group Policy Editor: To open the Group Policy Editor, type gpedit.msc in the taskbar search box. Navigate to Local Computer Policy > (Computer Configuration or User Configuration) > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Advanced Page > Turn off encryption support. Select the Enabled option, then use the dropdown list to select the TLS version you want to enable as shown in Figure 8.


TLS fallback is also an option to help keep devices secure while using TLS in scenarios where it is necessary. This fallback process enables applications to fall back to TLS 1.0 and 1.1 if the connection fails with secure protocols (TLS 1.2 and above).


To enable TLS fallback, changes are required in the Windows registry. Set EnableInsecureTlsFallback to 1 in the registry under the paths below.


To change settings: SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
To set policy: SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings


If EnableInsecureTlsFallback is not present, then you must create a new DWORD entry and set it to 1.
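
An added example, not part of the original notice or of Microsoft's documentation: a PowerShell audit that reports where EnableInsecureTlsFallback is present under the two paths above, so that re-enabled fallback can be found and reviewed. The notice does not name the registry hive, so checking both HKLM and HKCU is an assumption, as are the function name Get-TlsFallbackState and the state labels.

```powershell
# Added example: audit where EnableInsecureTlsFallback is set.
# Assumption: the notice lists the key paths without a hive, so both
# HKLM: and HKCU: are inspected.
$ValueName = 'EnableInsecureTlsFallback'
$SubKeys = [ordered]@{
    Settings = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
    Policy   = 'SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
}

function Get-TlsFallbackState {
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($kind in $SubKeys.Keys) {
            $path  = Join-Path $hive $SubKeys[$kind]
            $state = 'KeyMissing'; $raw = $null; $type = $null
            if (Test-Path -LiteralPath $path) {
                $key = Get-Item -LiteralPath $path
                if ($key.GetValueNames() -contains $ValueName) {
                    $raw  = $key.GetValue($ValueName)
                    $type = $key.GetValueKind($ValueName)
                    # The notice specifies a DWORD set to 1; any other
                    # type or value is reported separately for review.
                    if     ($type -ne 'DWord') { $state = 'UnexpectedType' }
                    elseif ($raw -eq 1)        { $state = 'FallbackEnabled' }
                    else                       { $state = 'NotSetTo1' }
                } else {
                    $state = 'ValueMissing'
                }
            }
            [pscustomobject]@{
                Hive = $hive; Source = $kind; State = $state
                Value = $raw; Type = $type; Path = $path
            }
        }
    }
}

$report = Get-TlsFallbackState
$report | Format-Table Hive, Source, State, Value, Type -AutoSize

# Summarise the locations where fallback to TLS 1.0/1.1 is switched on.
$enabled = @($report | Where-Object State -eq 'FallbackEnabled')
if ($enabled.Count -gt 0) {
    Write-Warning "Fallback to TLS 1.0/1.1 is enabled in $($enabled.Count) location(s):"
    $enabled | ForEach-Object { Write-Warning "  $($_.Path)" }
}
```

The HKCU results reflect only the account running the script.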


Additional information:


KB5017811—Manage Transport Layer Security (TLS) 1.0 and 1.1 after default behavior change on September 20, 2022 - Updated November 2022 with new guidance
Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows - Applicable to Windows 7 and Windows Server
Plan for change: TLS 1.0 and TLS 1.1 soon to be disabled by default - original March 2020 announcement
https://blogs.windows.com/msedgedev/2020/03/31/tls-1-0-tls-1-1-schedule-update-edge-ie11/
https://support.microsoft.com/topic/kb5017811-manage-transport-layer-security-tls-1-0-and-1-1-after-default-behavior-change-on-september-20-2022-e95b1b47-9c7c-4d64-9baf-610604a64c3e
https://support.microsoft.com/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392
2022-12-16 | MC Last Updated | 12/15/2022 00:46:20 | 2022-12-16T01:41:14Z

*starting April 2022

Last updated 2 months ago
