Microsoft To Enables TLS 1.3 By Default In Windows 10 Test Builds

Microsoft has said it plans to enable the TLS 1.3 security protocol by default in Windows 10 Insider Preview test builds, beginning with Build 20170, as part of a broader rollout to Windows 10 systems.

The move is a significant step in deploying TLS 1.3, which deprecates TLS 1.2 and includes tighter security features.

TLS, or Transport Layer Security, is the world’s most deployed security protocol, encrypting data to provide secure communications between two endpoints.

Versions of the protocol are used in applications such as web browsing, email, instant messaging and Voice over IP.

Tighter security

TLS 1.3 tightens security by eliminating obsolete cryptographic algorithms, enhancing security when using older versions and encrypting as much as possible of the handshake, the negotiation that sets up a session.

The new protocol uses only three cipher suites, reducing complexity while improving security and interoperability.

It also uses a minimal set of cleartext protocol bits on the wire, which helps facilitate the deployment of future TLS versions and makes less user information visible over the network, Microsoft said.

Previous TLS versions exposed clients’ identity during client authentication unless it was accomplished via renegotiation, but the latest version keeps client authentication confidential.

“The protocol enables encryption earlier in the handshake, providing better confidentiality and preventing interference from poorly designed middle boxes,” said programme manager Sunny Zankharia and principal software engineer Andrei Popov, of Microsoft’s enterprise and OS security group, in a blog post.


“TLS 1.3 encrypts the client certificate, so client identity remains private and renegotiation is not required for secure client authentication.”

They said Microsoft recommends developers to begin testing TLS 1.3 in their applications and services right away.

The Microsoft Edge Legacy and Internet Explorer browsers can be configured to enable TLS 1.3 via the Advanced Settings menu, Microsoft said.

Chromium-based Microsoft Edge does not use the Windows TLS stack and is configured independently using the Edge://flags dialogue.

TLS 1.3 support is to be added to .Net beginning with version 5.0, the company said.

It noted that the three cipher suites supported in the Windows TLS stack are TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384 and TLS_CHACHA20_POLY1305_SHA256.

Microsoft, Google, Apple and Mozilla said in October 2018 they would retire the deprecated TLS 1.0 and TLS 1.1 protocols in the first half of 2020.

However, the transition has been delayed to the second half of the year due to the novel coronavirus pandemic.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Twitter Confirms ‘Super Follow’ Option, For Paid Content

Money maker. Super follow feature coming soon on Twitter, will allow users to receive tips…

12 hours ago

Windows 10 ‘Sun Valley’ Promises Major Overhaul

OS refresh. Major update to six year old Windows 10 operating system, dubbed Sun Valley,…

15 hours ago

Oxford University Confirms Hack Of Biology Lab Studying Covid-19

NCSC investigates after hackers compromised one of the world’s top biology labs at Oxford University,…

17 hours ago

Consumer Group Which? Targets Qualcomm In Legal Action

Legal action against Qualcomm could result in 29 million UK 4G smartphone owners being entitled…

1 day ago

Google To Change Review Process Of Scientist Work

Executives at troubled Google AI research unit say they are working to retain trust, after…

1 day ago

NHS Challenged Over Data Contract With Palantir

Contract between NHS and data mining firm Palantir now at centre of lawsuit filed by…

2 days ago