Microsoft is disabling TLS 1.0 and TLS 1.1 soon in Windows

Martin Brinkmann
Aug 2, 2023
Windows 10, Windows 11 News

Microsoft plans to disable the Transport Layer Security (TLS) protocol versions 1.0 and 1.1 in Windows. The company made the announcement on its Tech Community website on August 1, 2023.

The two protocols in question date back to 1999 (TLS 1.0) and 2006 (TLS 1.1) and have since been surpassed by the new versions TLS 1.2 and TLS 1.3.

Microsoft notes that security issues have been found in the older protocol versions and that "internet standards and regulatory bodies have deprecated or disallowed TLS versions 1.0 and 1.1 as a response. Usage of TLS 1.0 and 1.1 has dropped significantly over the years and that it is Microsoft's believe that the time has come for disabling the two protocols.

Microsoft also believes that the disabling  of the protocols will improve the security of Windows and its users, and that it may also speed up the adoption of never versions of the protocols.

Starting in September 2023, Microsoft plans to disable TLS 1.0 and TLS 1.1 in Insider builds for Windows 11 first. Thereafter, the protocols will also be disabled in "future Windows OS releases". Microsoft does not mention explicitly if the protocols will be disabled on Windows 11 systems only or if it will also make the change on Windows 10 devices. It seems likely, especially since the post has been tagged with the labels Windows 10 and Windows 11.

Check for TLS 1.0 and TLS 1.1 errors on Windows

Administrators may check the Windows Event log to determine if applications require TLS 1.0 or TLS 1.1. To do so, administrators need to look for event ID 36871 in the Windows Event Log. A sample event error message has been posted by Microsoft: "A fatal error occurred while creating a TLS <client/server> credential. The internal error state is 10013. The SSPI client process is <process ID>."

Enable TLS 1.0 and TLS 1.1 again on Windows

Windows administrators may enable TLS 1.0 and/or TLS 1.1 again after the protocols have been disabled by Microsoft. This may be necessary of needed applications rely on these protocols. Microsoft ran tests to find out which widely used applications rely on these protocols. The list includes SQL Server 2014 and 2016, Turbo Tax up to version 2018, and ACDSee Photo Studio version 2023.

Overriding the default requires editing the Windows Registry and opening the path HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\. From there, it is necessary to follow the path of the desired protocol version, e.g. TLS 1.0\Client, and to create a DWORD (32-Bit) value there, give it the name Enabled, and set its value to 1.

Note that there are Client and Server paths. You may want to check out Microsoft's support article on TLS settings in the Registry for additional information on enabling the protocols.

Closing Words

For the majority of Windows users, it might not make a difference whether TLS 1.0 or TLS 1.1 are disabled or enabled. Admins may want to check the event log once the change lands to find out if certain applications require it, and react to this appropriately.

Now You: any of your apps stilly rely on TLS 1.0 or 1.1?

Microsoft is disabling TLS 1.0 and TLS 1.1 soon in Windows
Article Name
Microsoft is disabling TLS 1.0 and TLS 1.1 soon in Windows
Microsoft plans to disable the Transport Layer Security (TLS) protocol versions 1.0 and 1.1 in Windows.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. TelV said on August 4, 2023 at 2:33 pm

    How is Microsoft going to disable them on older versions of Windows like Windows 7/8/8.1 since these OS don’t receive updates anymore.

    1. John G. said on August 4, 2023 at 10:35 pm

      @TelV, it’s obvious that an unsupported OS don’t need new updates at all. :S

    2. Martin Brinkmann said on August 4, 2023 at 2:41 pm

      Good question. Either it ignores these, as they are no longer supported, or it could push a small update. Think the first scenario is plausible.

  2. John G. said on August 3, 2023 at 9:44 pm

    TLS 1.2 is enough for all current needs. Furthermore the TLS 1.3 sometimes is rejected.

  3. just an Ed said on August 3, 2023 at 9:18 pm

    Actually, these protocols should already be disabled in your browser. I know I have my settings in Firefox set to accept only TLS 3 and 4.

    1. John G. said on August 3, 2023 at 9:51 pm

      The last version of TLS seems to be 1.3, so there is not version 1.4 yet.

    2. John G. said on August 3, 2023 at 9:50 pm

      I beg your pardon, TLS 1.4? I think there is no 1.4 version yet. :S

  4. Marti Martz said on August 2, 2023 at 6:47 pm

    ~”Ahh the obsolescence is afoot”

    Better check that hardware that has TLS/SSL interface servers (can be web) so that they don’t get “accidentally” unusable. (Think routers, IP cameras, internal controllers, etc.)

    At least they have offered a reversal (but for how long is a question).

    @Martin should “never” be “newer” in paragraph four? :) Thanks for the article.

  5. John G. said on August 2, 2023 at 5:54 pm

    “Microsoft plans…”, I know how MS plans, probably they will disable it in 2040, big LOL.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.