Windows 10 and TLS 1.3

Question

Windows 10 and TLS 1.3

Borislav Vitanov 111

Hello everyone,

we are currently checking about implementing TLS 1.3 and I found a strange information by Microsoft.

According to the article:

https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-

TLS 1.3 is supported starting in Windows 11 and Windows Server 2022. Enabling TLS 1.3 on earlier versions of Windows is not a safe system configuration.

Does someone knows why implementing TLS 1.3 is "not a safe system configuration"? For me this sounds really strange. I don't understand what might be the issue. We are currently with Windows 10 22H2 and already applied TLS 1.2.

Thanks

1 answer

Your answer

Answer 1

Anonymous

Hello,

TLS 1.3 is designed with better security and faster connections in mind. Older Windows versions weren't made for it, so adding it might not be as secure because it may not fit perfectly into the system's network setup.

If you force TLS 1.3 on an older Windows version, some apps that aren't prepared for this new version could stop working correctly or have unexpected issues.

And Microsoft won't fix any bugs or security holes related to TLS 1.3 on unsupported systems. This means if a problem arises, your system stays vulnerable until you upgrade.

If the Answer is helpful, please click "Accept Answer" and upvote it.

Borislav Vitanov 111 Reputation points

2024-03-15T08:01:11.4566667+00:00

Hi @Anonymous

thank you for your answer, I appreciate it but this is not entirely true. Let me say like this, Microsoft doesn't care if an app is compatible or not. The same thing happened with SSL 3.0, TLS 1.0/1.1 and this is nothing new. The same way happened as well with IIS and AD, when we had to remove old ciphers. Moreover Microsoft announced already in 2020 that TLS 1.3 will be enable by default in Win10 Insider Preview Builds

"Transport Layer Security (TLS) 1.3 is now enabled by default on Windows 10 Insider Preview builds, starting with Build 20170, the first step in a broader rollout to Windows 10 systems."

https://www.microsoft.com/en-us/security/blog/2020/08/20/taking-transport-layer-security-tls-to-the-next-level-with-tls-1-3/

but somehow didn't manage to fix such issues so far. Basically, for me, this sounds like the casual way for Microsoft to push users to use Windows11.

I checked our Servers 2022 and in registry here:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

there are no settings for TLS.

Thanks

Share via

Windows 10 and TLS 1.3

1 answer

Your answer