Windows 11 update settings

Microsoft ends support for TLS 1.0 and 1.1 on Windows 11

Microsoft to disable TLS 1.0 and 1.1 by default on Windows 11 in September 2023, but newer versions won't be affected.

  • Microsoft gears up to discontinue TLS 1.0 and 1.1 on Windows 11.
  • The company will start disabling the protocol in September 2023.
  • Users will still be able to enable the TLS protocol manually.
  • This will not affect TLS versions 1.2 and 1.3.

Microsoft discontinues support for Transport Layer Security (TLS) protocol versions 1.0 and 1.1 on Windows 11. The TLS is an encryption protocol that provides communications security over a computer network, and it’s widely used in apps such as email, instant messaging, and voice-over IP. However, its use in securing HTTPS remains the most publicly visible.

The protocol dates back to 1999, and several security weaknesses have been found over time. TLS 1.1 was published in 2006 and made some security improvements but grew in popularity. Since then, TLS 1.2 and 1.3 have become available with various changes.

In the past years, most of the internet has deprecated or disallowed TLS versions 1.0 and 1.1 as a result of security issues, and now, Microsoft says that the protocol usage has been decreasing to the point that it’s now the right time to phase it out to increase the security of Windows 11.

According to the company, the operating system will begin to ship TLS versions 1.0 and 1.1 disabled by default in September 2023, starting with the previews available through the Windows Insider Program. However, the protocol will continue to be available to maintain compatibility in specific scenarios.

If you have to enable the protocol manually, you will have to use the Registry by creating a DWORD registry value named “Enabled” with an entry value of “1” under:

  • HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
  • HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server

Although Microsoft has been tracking the usage of this protocol, this change will still impact those using applications that make use of the TLS versions 1.0 and 1.1, such as Microsoft SQL Server 2012, 2014, and 2016, Office 2008 Professional, and others.

If an application starts to fail when TLS 1.0 and TLS 1.1 are disabled, administrators will notice the “Event 36871” in the Windows Event Log. For example, “A fatal error occurred while creating a TLS <client/server> credential. The internal error state is 10013. The SSPI client process is <process ID>.”

It’s important to note that the company is acting on the older releases of TLS. Newer versions like 1.2 and 1.3 are still and will continue to be supported in the operating system. Also, the software giant has already abandoned TLS versions 1.0 and 1.1 on Microsoft 365 products and WinHTTP and WinINet API surfaces.

About the author

Mauro Huculak is a Windows How-To Expert who started Pureinfotech in 2010 as an independent online publication. He has also been a Windows Central contributor for nearly a decade. Mauro has over 15 years of experience writing comprehensive guides and creating professional videos about Windows and software, including Android and Linux. Before becoming a technology writer, he was an IT administrator for seven years. In total, Mauro has over 21 years of combined experience in technology. Throughout his career, he achieved different professional certifications from Microsoft (MSCA), Cisco (CCNP), VMware (VCP), and CompTIA (A+ and Network+), and he has been recognized as a Microsoft MVP for many years. You can follow him on X (Twitter), YouTube, LinkedIn and About.me. Email him at [email protected].