How to Re-enable TLS 1.0 and 1.1 on Windows 11
You can re-enable TLS 1.0 and 1.1 on security-notifications-in-windows-11/" class="sal-link" rel="noopener" target="_blank" data-sal-id="26422">Windows 11, but doing so significantly compromises your system’s security.
TLS, or Transport Layer Security, is the encryption protocol that secures your internet connections. TLS 1.0 and 1.1 are older versions of this protocol, now considered insecure.
Microsoft disabled them by default in Windows 11 starting with version 22H2 to protect you from modern cyber threats. These older protocols have known vulnerabilities that newer versions, like TLS 1.2 and 1.3, effectively address.
Reactivating TLS 1.0 or 1.1 makes your computer susceptible to data interception and man-in-the-middle attacks, risks you avoid with current standards.
How to Check Enabled TLS Versions
Before modifying your registry, check your current configuration. You can use PowerShell to see which protocols are active. Open PowerShell as an administrator and run the command: Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\*'. This helps you identify if the keys already exist on your system.
Re-enabling TLS 1.0 and 1.1 via Registry Editor
⚠️ Admin privileges required: You must be logged in as an administrator to modify these system settings.
Follow these steps to modify the Schannel settings in the Windows Registry.
Step 1: Press ⊞ Win+R, type regedit, and hit Enter to open the Registry Editor.
Step 2: Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
Step 3: Right-click the Protocols folder, select New > Key, and name it TLS 1.0. Inside that, create two keys named Client and Server.
Step 4: Inside both the Client and Server folders, right-click the empty space. Select New > DWORD (32-bit) Value. Name it Enabled and set the value to 1. Create another DWORD named DisabledByDefault and set the value to 0.
Step 5: Repeat these steps for TLS 1.1 if needed. Restart your computer for changes to take effect.
Troubleshooting SSL Handshake Failures
If you encounter an SSL handshake error, it means your computer and the server cannot agree on a secure language. This often happens when a legacy app tries to connect to an old server. If re-enabling TLS 1.0 does not fix the issue, check your Group Policy settings. Sometimes, local security policies override registry entries. Ensure that your network security settings allow legacy protocols.
Summary
Re-enabling TLS 1.0 and 1.1 is a temporary fix for legacy software compatibility. Because these protocols are outdated, they pose a significant security risk to your Windows 11 system. Always prioritize updating your software to support modern encryption standards like TLS 1.2 or 1.3. If you must use these settings, remember to disable them once your work is complete to keep your computer secure.
Is it safe to re-enable TLS 1.0 and 1.1 on 🪟 Windows 11?
No, it is not considered safe. Re-enabling these protocols exposes your system to known security flaws that modern standards have patched. You should only use this as a temporary workaround for specific legacy applications that cannot function otherwise. Always revert these changes immediately after you finish your task to maintain system integrity.
Was this guide helpful?
About the Author
Richard
Tech Writer, IT Professional
Richard, a writer for Geek Rewind, is a tech enthusiast who loves breaking down complex IT topics into simple, easy-to-understand ideas. With years of hands-on experience in system administration and enterprise IT operations, he’s developed a knack for offering practical tips and solutions. Richard aims to make technology more accessible and actionable. He's deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions.
No comments yet — be the first to share your thoughts!