Why disable deprecated protocols
You may be wondering why it is important to disable these types of protocols even if you are not going to use them. The truth is that hackers can take advantage of us having them enabled to launch attacks. At the end of the day, they are old protocols, which are totally outdated and have vulnerabilities.
If we use a browser that has TLS 1.0 enabled, for example, we could be victims of POODLE attacks, which take advantage of it. This threat means Man-in-the-Middle attacks that can take advantage of vulnerabilities in the SSL and TLS protocols to steal data and passwords. It is one of the problems in case of accessing insecure sites, which are not really protected.
When entering a website that is encrypted by TLS 1.0, we could be putting our data at risk. They are not really secure by current standards, despite the fact that a few years ago, before this protocol became obsolete, they were considered secure sites.
To avoid this type of problem it is interesting disable these protocols. This is something that we can do in the main browsers, although in many they are already disabled by default, but also in the Windows operating system itself, something that will protect the connections. Also, if we really need them to be enabled, we can configure it for it from the system.
Steps to remove TLS 1.0 and TLS 1.1 on Windows
Whether you’re using Windows 10 or Windows 11, you may want to disable some version of these protocols. Of course, they are not equal cases as we are going to see. In the case of Windows 10, the TLS 1.0 and 1.1 protocols are enabled by default, while in Windows 11 this is not the case, although we could have them enabled if we have changed the configuration.
In the case of Windows 10, we have to go to Start, look for Internet Options and go to Advanced Options and there we look for the Security section. We will see the different protocols and a box to enable or disable. By default, SSL 3.0 is disabled, but TLS 1.0 and TLS 1.1 are not, which are also deprecated.
For disable TLS 1.0 and TLS 1.1 simply uncheck the box and apply the changes. If for whatever reason we have SSL 3.0 enabled, we should also uncheck it if we want to have maximum security. It is possible that at some point we have activated it to use it, but it is not convenient to have it that way if we want to enhance security.
About Windows 11 the thing changes. Although the process to enable or disable these protocols is the same, the most problematic versions are already disabled by default in the latest version of Microsoft’s OS. However, we will also explain how to do it.
Just go to Start, we enter Internet Options, we go to Security and there we will see the activated protocols. If for some reason we needed to enable TLS 1.1 (although it is not recommended), we would only have to enable the box. The same with the rest, either activate them or remove them. The procedure is similar to the previous version of the operating system.
We can also use the Registry Editor. We have to go to the path EquipoHKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocols and there we will find TLS 1.0 or TLS 1.1 and the registry key. To disable it we have to change the value to 0, while to enable it we would have to put it at the value 1 and save the changes made.
If nothing appears, we can create a new key. You have to click with the right mouse button, click on New> DWORD Value (32 bits) and give it the name of TLS 1.0. There we have to set the value to 0 or 1, depending on whether we want to enable or disable it.
How to remove obsolete protocols in the browser
In this case it is different depending on which browser we use. Keep in mind that Google Chrome they have long since disabled some of the deprecated protocols by default. For security, it does not allow them to be activated and TLS 1.2 comes by default. Yes we can enable TLS 1.3.
To enable TLS 1.3 in Google Chrome we have to run chrome://flags/ in the address bar and search for TLS. We will see the TLS 1.3 Early Data option and it will come as Default. What we will do is give Enabled. Later we apply the changes and restart the browser.
what about MozillaFirefox? In this case it is different. You have to enter about:config and look for TLS there. We will see security.tls.version.min. This is to configure from which version of the TLS protocol the browser will work. If we put “2” in the value, it means that it will enable from TLS 1.1. If we put “3”, it will be from version 1.2.
In this way we can disable TLS 1.1 protocol if we put the value “3”, since it will only work through TLS 1.2 and higher. It is an easy way to enable or disable the different versions. However, we must always be aware of the security risk if we have old protocols enabled, which are obsolete.
In the case of Microsoft Edge, we would have to go to Windows settings and enable the protocols we want there. It does not have its own feature to do so.
Conclusions
We can say that the TLS 1.0 and TLS 1.1 protocols are completely obsolete in browsers, but that does not mean that there are still some websites that support them. Should we have these old versions enabled, which could be a security problem? It is definitely best to disable it. It can be used by a hacker to launch their attacks, such as what is known as POODLE.
We have seen the steps to take in both Windows 10 and Windows 11 to disable deprecated TLS protocols and even SSL 3.0. We can also easily enable them, but we should only do this if we are sure that we are not going to have any problems.
