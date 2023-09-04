Microsoft has announced that it will soon disable Transport Layer Security (TLS) versions 1.0 and 1.1 by default in Windows. While this transition may not significantly impact home users, it could present challenges for enterprise administrators. Microsoft has identified several applications that are expected to be affected by this change, including SQL Server 2014 and 2016 editions, as well as SQL Server 2012 (currently in Extended Security Updates).

Notably, SQL Server 2008 R2, which was supported through Extended Security Updates until July, now requires instructions for adding TLS 1.2 support. Alongside SQL Server, other applications on the list include Apple’s Safari browser for Windows, version 5.1.7, and several security applications, adding a hint of irony.

TLS is a protocol used to encrypt communications between a client and server. While TLS 1.2 and TLS 1.3 represent significant improvements over their predecessors, Microsoft has been eager to phase out older versions of TLS. The company stated that it has been monitoring TLS protocol usage for several years and believes that the use of TLS 1.0 and 1.1 is now low enough to act.

The process of disabling TLS 1.0 and 1.1 will roll out gradually, starting with Windows Insiders in September. The option to re-enable these protocols will remain available, though Microsoft recommends against it. Administrators who must use deprecated applications that rely on these versions may need to modify registry settings to override the system default. However, Microsoft cautions that re-enabling TLS 1.0 and 1.1 should only be done temporarily until incompatible applications can be updated or replaced.

The discontinuation of deprecated TLS versions has been an industry-wide goal for years. The US National Security Agency (NSA) published guidance on eliminating these older versions in 2021, and in 2018, major tech companies like Apple, Microsoft, Google, and Mozilla announced plans to transition away from them. While Microsoft’s progress has faced some delays, the company is now preparing to disable TLS 1.0 and 1.1 in its flagship operating system, aligning with the broader industry trend.

