Microsoft Announces Ability to Force TLS Version Compliance

Transport Layer Security (TLS) can be critical for security, but it must be deployed in a current version. Microsoft now provides a mechanism for administrators to guarantee the right version in their network.

Dark Reading Staff, Dark Reading

October 1, 2019

1 Min Read

Transport Layer Security (TLS) is an important network security component with a critical caveat: TLS 1.0, introduced in 1999, has been deprecated and is no longer considered secure. TLS 1.3 is the current version, though millions are still using TLS 1.2. Now, Microsoft has introduced TLS version enforcement on Windows Server 2019 in a move that should help companies avoid inadvertently deploying TLS 1.0.

According to Microsoft, beginning with KB4490481, Windows Server 2019 allows customers to block weak TLS versions from being used with individual customer-designated certificates. The feature, called "Disable Legacy TLS," allows administrators to enforce a minimum TLS version and cipher suite for any certificate in use.

If administrators are worried about their customers or users that may still be deploying TLS 1.0, they can divide the traffic by TLS version, with one stream using TLS 1.2 or higher and the other using TLS 1.0, and both streams going to destinations on a single server.

For more, read here and here.

Edgepromohorizontal.jpgCheck out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "The Etiquette of Respecting Privacy in the Age of IoT."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights