Security News > 2020 > August > Microsoft Enables TLS 1.3 by Default in Windows 10 Insider Preview
Microsoft this week announced that the Transport Layer Security 1.3 protocol is now enabled by default in Windows 10 Insider Preview builds, and that it will be rolled out to all Windows 10 systems.
With TLS 1.0 and TLS 1.1 considered insecure, exposing communications to a variety of attacks, including BEAST, CRIME and POODLE, tech companies such as Cloudflare, Google, Microsoft, Mozilla, and others have long been pushing for the retirement of older protocols and the broad adoption of TLS 1.3.
TLS 1.3, the tech giant says, is enabled by default in IIS/HTTP.SYS, and Microsoft Edge Legacy and Internet Explorer allow users to enable TLS 1.3 by heading to Internet options > Advanced settings.
The Chromium-based Microsoft Edge, on the other hand, does not leverage the Windows TLS stack and it can be configured using the Edge://flags dialog.
"Security support provider interface callers can use TLS 1.3 by passing the new crypto-agile SCH CREDENTIALS structure when calling AcquireCredentialsHandle, which will enable TLS 1.3 by default. SSPI callers using TLS 1.3 need to make sure their code correctly handles SEC I RENEGOTIATE," Microsoft also notes.
News URL
Related news
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)
- Windows 10 KB5051974 update force installs new Microsoft Outlook app (source)
- Windows 10 users urged to upgrade to avoid "security fiasco" (source)
- Microsoft may have scrapped Windows 11's dynamic wallpapers feature (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Windows 10 KB5049981 update released with new BYOVD blocklist (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Microsoft expands testing of Windows 11 admin protection feature (source)
- Microsoft starts force upgrading Windows 11 22H2, 23H3 devices (source)