Microsoft is Disabling Old Windows TLS Encryption.
Disabling TLS could break nothing, or everything!
Recently Microsoft announced they were going to be disabling TLS 1.0 and 1.1. This may sound like gibberish to you but the implications are significant.
But before I get into why this is a big deal, I’ll explain what TLS actually is. TLS stands for ‘Transport Layer Security’ and establishes the rules for how electronic devices set up encrypted communication. There are multiple versions of TLS, with each new version improving the security and/or streamlining the process. TLS was invented in 1999 with version 1.0, while version 1.1 made its debut in 2006. Both were officially deprecated back in 2021 and were disabled in modern browsers and websites years ago.
Why are they still an issue? Primarily because Microsoft has always been concerned about backwards compatibility. That’s why these versions of TLS are still available in current versions of Windows.
Okay, but what’s the big deal about disabling those old versions? Well, unfortunately the fact of the matter is that most people don’t understand how encryption works, even people who work with computers. After all, not every developer works on encryption projects. As a result, not everything out there is properly coded or supported.
So, what does this change mean? In simple though informal terms, it means that stuff is going to break when these settings are disabled.
But exactly what “stuff” is going to break? That depends on what you have in your environment. The older the software or device, the more likely it’s going to break or become unmanageable.
Microsoft’s notice contains a couple of items that are common for many of our customers: ArcGIS and SQL Server. In that article’s comment section, one user mentioned they couldn’t use their HP printers (and they weren’t that old), while another user mentioned On Prem Power broker wasn’t working. And those are just known items. Other possibilities could include losing access to HVAC units, network switches, phone systems, and who knows what else.
Unfortunately it’s hard to predict what’s going to break because of this change. It is possible, but to do so would require an enormous amount of work to investigate everything in your environment, and at the end of the day, since you can’t eliminate human error, there’s still no way of knowing for certain if anything was missed. As a result, the best way for everyday users to find out what will happen is to turn those settings off ahead of time in a controlled test of literally everything in your network.
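One way to start that investigation, shown here as an added example that is not from Microsoft's notice or TRINUS tooling: a Python script that asks each device which TLS versions it will still negotiate and flags the ones that only speak 1.0 or 1.1. The hostname in the inventory is a constructed placeholder, the `@SECLEVEL=0` cipher setting is an assumption needed because many current OpenSSL builds refuse the old versions by default, and the probe only covers services that start TLS immediately on connect (such as HTTPS admin pages).

```python
import socket
import ssl
import warnings

VERSIONS = {"TLS 1.0": ssl.TLSVersion.TLSv1, "TLS 1.1": ssl.TLSVersion.TLSv1_1,
            "TLS 1.2": ssl.TLSVersion.TLSv1_2, "TLS 1.3": ssl.TLSVersion.TLSv1_3}
LEGACY = {"TLS 1.0", "TLS 1.1"}  # the versions being disabled

def probe(host, port, name, timeout=3.0):
    """True/False if a handshake pinned to exactly this version succeeds/fails,
    None if the local OpenSSL build cannot offer that version at all."""
    try:
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            ctx.check_hostname = False       # inventory only: nothing the
            ctx.verify_mode = ssl.CERT_NONE  # device sends back is trusted
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # permit legacy handshakes
            ctx.minimum_version = ctx.maximum_version = VERSIONS[name]
    except (ValueError, ssl.SSLError):
        return None
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # refused, timed out, or handshake rejected
        return False

def classify(results):
    """results: {version name: True/False/None} for one endpoint."""
    ok = {v for v, r in results.items() if r}
    if not ok:
        return "no TLS answer (offline, not TLS, or untestable from here)"
    if ok <= LEGACY:
        return "WILL BREAK: only speaks " + ", ".join(sorted(ok))
    if ok & LEGACY:
        return "ok, but still accepts " + ", ".join(sorted(ok & LEGACY))
    return "ok"

def audit(inventory, prober=probe):
    """inventory: iterable of (host, port); returns {"host:port": verdict}."""
    return {f"{h}:{p}": classify({v: prober(h, p, v) for v in VERSIONS})
            for h, p in inventory}

if __name__ == "__main__":
    # Constructed placeholder inventory; replace with your own devices.
    inventory = [("printer.example.internal", 443)]
    for target, verdict in audit(inventory).items():
        print(target, "->", verdict)
```

A "no TLS answer" verdict still needs a manual look, because a device that is switched off and a device that wraps TLS inside another protocol both end up there.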
Fortunately that’s only the case for everyday users. TRINUS customers with a Service Delivery Manager (SDM) should expect to be contacted about this situation in the coming weeks as we work to help make this transition as stress-free as possible. As always, if you have any questions, please don’t hesitate to contact one of our experts for more information.
This week’s Shakespeare quote comes from Hamlet: “Every plan breaks easily, Because the intention is a slave to memory”.
Be kind, courtesy your friendly neighbourhood cyberman.