On Windows 11, although it’s not recommended, you can re-enable Transport Layer Security (TLS) protocol versions 1.0 and 1.1, and in this guide, I’ll show you how to complete this configuration.
TLS is an encryption protocol that secures communication between clients and servers across a network, used in applications such as email, instant messaging, and VoIP. TLS 1.0 was introduced in 1999, followed by TLS 1.1 in 2006, which brought some improvements. However, both versions contain multiple security flaws and are considered obsolete.
Today, TLS 1.2 and TLS 1.3 are the modern standards, and most apps and services default to them for stronger security. Microsoft, along with other vendors such as Apple, Google, and Mozilla, has been phasing out support for TLS 1.0 and 1.1 for years. On Windows 11 (and recent versions of Windows Server), these older protocols are disabled by default.
The impact of this change is limited, as the vast majority of apps already use TLS 1.2 or later. However, you may encounter issues if you rely on legacy software that still relies on older protocols. For example, older Microsoft SQL Server versions (2012, 2014, 2016), outdated Office apps, or third-party software that hasn’t been updated.
If you notice connection failures or errors in the Windows Event Log, such as Event 36871 with the “A fatal error occurred while creating a TLS <client/server> credential. The internal error state is 10013. The SSPI client process is <process ID>” message, it usually means the app is trying to use TLS 1.0 or 1.1 and fails because those protocols are disabled.
In those cases, you can temporarily re-enable TLS 1.0 and 1.1 by modifying the Registry. However, remember that these protocols are insecure and should only be enabled if absolutely necessary. Also, Microsoft plans to fully remove TLS 1.0 and 1.1 support in future Windows releases (including Windows Server), meaning Registry workarounds may eventually stop working. Instead, whenever possible, update or replace apps that still depend on legacy TLS.
In this guide, I’ll outline the steps to enable the older versions of TLS on Windows 11.
Enable TLS versions 1.0 and 1.1 on Windows 11
To enable TLS 1.0 and 1.1 on Windows 11, use these steps:
-
Open Start on Windows 11.
-
Search for regedit and click the top result to open the app.
-
Browse the following path:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
-
Right-click the Client key, select New, and click on “DWORD (32-bit) Value.”
-
Name the key Enabled and press Enter.
-
Double-click the newly created DWORD and change its value from 0 to 1.
-
Click the OK button.
-
Browse the following path:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
-
Right-click the Client key, select New, and click on “DWORD (32-bit) Value.”
-
Name the key Enabled and press Enter.
-
Double-click the newly created DWORD and change its value from 0 to 1.
-
Click the OK button.
Once you complete the steps, the older versions of the Transport Layer Security protocol will be enabled on Windows 11.
Mauro Huculak is a Windows How-To Expert and founder of Pureinfotech in 2010. With over 22 years as a technology writer and IT Specialist, Mauro specializes in Windows, software, and cross-platform systems such as Linux, Android, and macOS.
Certifications: Microsoft Certified Solutions Associate (MCSA), Cisco Certified Network Professional (CCNP), VMware Certified Professional (VCP), and CompTIA A+ and Network+.
Mauro is a recognized Microsoft MVP and has also been a long-time contributor to Windows Central.
You can follow him on YouTube, Threads, BlueSky, X (Twitter), LinkedIn and About.me. Email him at [email protected].