Microsoft postpones TLS 1.0 and 1.1 deprecation to second half of 2020

Martin Brinkmann
Apr 1, 2020
Internet Explorer, Microsoft Edge
|
8

Microsoft announced yesterday that its plan to disable the security protocols TLS 1.0 and TLS 1.1 in the company's browsers has been postponed. The company wanted to disable the security protocols in the first half of 2020 initially but decided to postpone this in light of current global events.

All major browser makers pledged to disable the aging security protocols TLS 1.0 and 1.1 in the first half of 2020. Some, like Mozilla, went ahead with the change but reverted it when it became clear that some government sites still relied on these protocols. Users of Firefox could not access these sites anymore because of the disabled protocols. Mozilla re-enabled the protocols to make sure that Firefox users worldwide are able to access important sites in a time of crisis.

Microsoft's updated plan for discontinuing support for TLS 1.0 and 1.1 is as follows:

  • New Chromium-based Microsoft Edge: TLS 1.0 and 1.1 will be disabled by default "no sooner than Microsoft Edge version 84". The browser is scheduled for a July 2020 release.
  • Classic Microsoft Edge browser: TLS 1.0 and 1.1 will be disabled by default on September 8, 2020.
  • Microsoft Internet Explorer 11: TLS 1.0 and 1.1 will be disabled by default on September 8, 2020.

Options are provided to enable TLS 1.0 and 1.1. if required. Users find settings to enable TLS 1.0 and TLS 1.1 in the Internet Options under Advanced.

Administrators may also change the settings in the Windows Registry. Here is how that is done:

  1. Open the Windows Registry Editor, e.g. by using Windows-R to open the run box, typing regedit.exe, and hitting the Enter-key.
  2. Confirm the UAC prompt that is spawned.
  3. Go to HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
  4. For TLS 1.0, do the following:
    1. If you don't see a TLS 1.0 entry, create one by right-clicking on Protocols and selecting New > Key. Name the key TLS 1.0.
    2. Right-click on TLS 1.0 and select New > Key. Name it Client.
    3. Right-click on the newly created Client key and select New > Dword (32-bit) Value. Name it Enabled.
    4. The default value is 0 which means that TLS 1.0 is disabled. To enable it, set the value to 1 instead.
  5. For TLS 1.1, do the following:
    1. f you don't see a TLS 1.1 entry, create one by right-clicking on Protocols and selecting New > Key. Name the key TLS 1.1.
    2. Right-click on TLS 1.1 and select New > Key. Name it Client.
    3. Right-click on the newly created Client key and select New > Dword (32-bit) Value. Name it Enabled.
    4. The default value is 0 which means that TLS 1.0 is disabled. To enable it, set the value to 1 instead.
  6. Exit the Registry Editor and restart Windows.

You can use a service such as the SSL/TLS Client Text by Browserleaks to list the supported protocols of the browser.

Now You: Have you visited sites recently that rely on these older protocols?

Summary
Microsoft postpones TLS 1.0 and 1.1 deprecation to second half of 2020
Article Name
Microsoft postpones TLS 1.0 and 1.1 deprecation to second half of 2020
Description
Microsoft announced yesterday that its plan to disable the security protocols TLS 1.0 and TLS 1.1 in the company's browsers has been postponed.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Rocket said on April 5, 2020 at 4:57 pm
    Reply

    Why is this even news? I use Firefox 52ESR on Windows XP and it has TLS 1.2. So long as browsers on ancient OSes still work, I care not about this news.

  2. pioruns said on April 2, 2020 at 10:52 am
    Reply

    I disabled support for TLS 1.0, 1.1 and 1.2 completely in Firefox via a setting. I did that a year ago. Since then I found few websites which would not load. I decided to skip them.
    But in last quarter I found none.
    Why keeping dead TLS 1.0 and 1.1 still around i have no idea.
    Best is to avoid Microsoft.

    1. ShintoPlasm said on April 2, 2020 at 1:29 pm
      Reply

      Why did you disable 1.2?

      1. pioruns said on April 3, 2020 at 8:09 am
        Reply

        Because 1.3 is around! And it works perfectly. As I mentioned I only found few pages in whole last year which have been most likely 1.2 and failed to load. Now, I can’t find any. Whole “normal” mainstream Internet is on 1.3 now. No point to keep 1.2 enabled. Also TLS 1.2 had security flaws not present in 1.3.

  3. Not Sure said on April 2, 2020 at 8:28 am
    Reply

    resist ID2020, Bill Gates, Microsoft, the “chip” and/or “tattoo.” People are desperate and given a few more months of these shutdowns and shut-ins, would probably take a QR code on their forehead if it came to that.

    1. ShintoPlasm said on April 2, 2020 at 10:28 am
      Reply

      What…?

  4. polbel said on April 2, 2020 at 4:52 am
    Reply

    There probably is a 49% chance a human contagion will do us in, and another 49% i would bet is gonna be some really messy UEFI injection by M$ for the NSA. Good luck with your online banking transactions!

  5. Malte said on April 1, 2020 at 8:22 pm
    Reply

    Off-Topic: Cloudflare anounced “1.1.1.1 for Families”
    https://blog.cloudflare.com/introducing-1-1-1-1-for-families/

    Malware Blocking Only
    Primary DNS: 1.1.1.2
    Secondary DNS: 1.0.0.2

    Malware and Adult Content Blocking
    Primary DNS: 1.1.1.3
    Secondary DNS: 1.0.0.3

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.