Date: 2023-09-05

Microsoft has decided to disallow Transport Layer Security (TLS) versions 1.0 and 1.1 in the Windows operating system in a bid to increase the security posture of its customers and encourage modern protocol adoption. The company has warned that the move could impact the SQL Server deployments of enterprises still using the older versions of TLS.

These TLS versions have long been identified as having security weaknesses and were replaced by two successive upgrades, versions 1.2 and 1.3.

“Over the past several years, internet standards and regulatory bodies have deprecated TLS versions 1.0 and 1.1, due to a variety of security issues,” Microsoft said in a blog post. “We have been tracking TLS protocol usage for several years and believe TLS 1.0 and TLS 1.1 usage data are low enough to act.”

The company will disable the versions by default in its Windows operating systems, starting with Windows 11 Insider Preview builds in September 2023.

Legacy TLS had security flaws

Since its launch in 1999, TLS 1.0 has been found to have several security weaknesses, including vulnerability to the POODLE attack, weaker cipher suites, lack of forward secrecy, inadequate hash functions, and limited authentication.

A subsequent version, 1.1, released in 2006, made some security improvements but failed to gain broader adoption. Ultimately, both were replaced by TLS 1.2 (2008) and TLS 1.3 (2018).

However, retiring the legacy versions wasn’t easy for all adopters, as it presented a few challenges, including the requirement to maintain backward compatibility.

In January 2021, the National Security Agency (NSA) released guidance on eliminating obsolete TLS configurations, and many technology giants including Apple, Google, Mozilla and (now) Microsoft have announced plans to move away from the outdated protocols.

Several Microsoft applications are set to break

Microsoft has warned enterprise users about a list of applications that can be expected to break as older TLS versions are disabled. Topping the list of endangered applications is SQL Server.

The 2012, 2014, and 2016 editions of SQL Server are expected to break. While both 2014 and 2016 still remain in support, 2012 is out of support but will receive extended security updates.

Other popular applications listed in the red zone by the company include MS Office 2008 Professional, Safari 5.1.7, EVault Data Protection-7.01.6125, and Xbox One SmartGlass - 2.2.1702.2004.

Microsoft has advised upgrading applications that show hints of failure after the change. “Most newer versions of applications support TLS 1.2 or higher protocol versions,” Microsoft said. “Therefore, if an application starts failing after this change, the first step is to look for a newer version of the application that has TLS 1.2 or TLS 1.3 support.”

If an application fails, has no other alternative, and needs to use TLS 1.0 or TLS 1.1, the discontinued protocol versions can be re-enabled with a system registry setting.