On Windows 11, even though it’s not recommended, you can turn back on Transport Layer Security (TLS) protocol versions 1.0 and 1.1, and in this guide, you will learn how.
TLS is an encryption protocol that provides communications security over the network between a client and server, and it’s been widely available in apps such as email, instant messaging, and voice-over IP. The protocol has been around since 1999, and since then, several security weaknesses have been discovered. TLS 1.1 was published in 2006 and made some security improvements, but never grew in popularity.
TLS versions 1.0 and 1.1 have long been surpassed by TLS 1.2 and 1.3, and the protocol implementations now try to negotiate connections using the highest protocol version available.
Since the usage of the older versions of the protocol is low, Microsoft has decided to disable them on Windows 11. The only problem is that this change will still impact those using applications that use TLS versions 1.0 and 1.1, such as Microsoft SQL Server 2012, 2014, and 2016, Office 2008 Professional, and others.
However, if you have a good reason or notice the “Event 36871” in the Windows Event Log, for example, “A fatal error occurred while creating a TLS <client/server> credential. The internal error state is 10013. The SSPI client process is <process ID>,” it’s possible to enable TLS versions 1.0 and 1.1 on Windows 11, but you will have to modify the Registry.
This guide will teach you the steps to enable the older versions of TLS on Windows 11.
Enable TLS versions 1.0 and 1.1 on Windows 11
To enable TLS 1.0 and 1.1 on Windows 11, use these steps:
-
Open Start on Windows 11.
-
Search for regedit and click the top result to open the app.
-
Browse the following path:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
-
Right-click the Client key, select New, and click on “DWORD (32-bit) Value.”
-
Name the key Enabled and press Enter.
-
Double-click the newly created DWORD and change its value from 0 to 1.
-
Click the OK button.
-
Browse the following path:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
-
Right-click the Client key, select New, and click on “DWORD (32-bit) Value.”
-
Name the key Enabled and press Enter.
-
Double-click the newly created DWORD and change its value from 0 to 1.
-
Click the OK button.
Once you complete the steps, the older versions of the Transport Layer Security protocol will be enabled on Windows 11.
Mauro Huculak is a Windows How-To Expert who started Pureinfotech in 2010 as an independent online publication. He has also been a Windows Central contributor for nearly a decade. Mauro has over 14 years of experience writing comprehensive guides and creating professional videos about Windows and software, including Android and Linux. Before becoming a technology writer, he was an IT administrator for seven years. In total, Mauro has over 20 years of combined experience in technology. Throughout his career, he achieved different professional certifications from Microsoft (MSCA), Cisco (CCNP), VMware (VCP), and CompTIA (A+ and Network+), and he has been recognized as a Microsoft MVP for many years. You can follow him on X (Twitter), YouTube, LinkedIn and About.me. Email him at [email protected].