How to Re-enable TLS 1.0 and 1.1 on Windows 11
You can re-enable TLS 1.0 and 1.1 on Windows 11, but this action drastically weakens your system’s security posture.
TLS, or Transport Layer Security, is the encryption standard that keeps your online communications private and secure. TLS 1.0 and 1.1 are outdated versions of this protocol, widely considered insecure due to known vulnerabilities.
Microsoft disabled these older protocols by default in Windows 11, beginning with the 22H2 update, to shield you from contemporary cyber threats. Newer, more secure versions like TLS 1.2 and 1.3 offer robust protection against exploits that plague TLS 1.0 and 1.1.
By reactivating TLS 1.0 or 1.1, you expose your Windows 11 PC to significant risks, including data interception and man-in-the-middle attacks.
Re-enable TLS 1.0 and 1.1 by opening Registry Editor (regedit) and navigating to 🗝️HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocols. Create new keys for TLS 1.0 and TLS 1.1, then add Client and Server subkeys with DWORD values for Enabled and DisabledByDefault.
How to Check Enabled TLS Versions
Before modifying your registry, check your current configuration. You can use PowerShell to see which protocols are active. Open PowerShell as an administrator and run the command: Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\*'. This helps you identify if the keys already exist on your system.
Re-enabling TLS 1.0 and 1.1 via Registry Editor
You can re-enable TLS 1.0 and 1.1 on Windows 11 by changing settings in the Registry Editor, but you’ll need administrator permission first.
Follow these steps to modify the Schannel settings in the Windows Registry.
Step 1: Press ⊞ Win+R, type regedit, and hit Enter to open the Registry Editor.
Step 2: Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
Step 3: Right-click the Protocols folder, select New > Key, and name it TLS 1.0. Inside that, create two keys named Client and Server.
Step 4: Inside both the Client and Server folders, right-click the empty space. Select New > DWORD (32-bit) Value. Name it Enabled and set the value to 1. Create another DWORD named DisabledByDefault and set the value to 0.
Step 5: Repeat these steps for TLS 1.1 if needed. Restart your computer for changes to take effect.
Troubleshooting SSL Handshake Failures
If you’re seeing an SSL handshake error, it means your computer and the server can’t agree on a secure connection, often happening with older apps. Re-enabling TLS 1.0 might help, but if the problem continues, check your Group Policy settings, as they can sometimes override registry changes for security.
Summary
Re-enabling TLS 1.0 and 1.1 is only a temporary solution for old software that needs it to work. Because these older protocols aren’t secure, they put your Windows 11 system at risk. It’s best to update your software to use newer, safer standards like TLS 1.2 or 1.3 whenever possible.
Is it safe to re-enable TLS 1.0 and 1.1 on 🪟 Windows 11?
No, it’s not really safe to re-enable TLS 1.0 and 1.1 on Windows 11 because they have known security weaknesses. You should only turn them back on briefly if a very old application absolutely needs them to connect. Always turn them off again right after you’re done to keep your computer protected.
Was this guide helpful?
About the Author
Richard
Tech Writer, IT Professional
Richard, a writer for Geek Rewind, is a tech enthusiast who loves breaking down complex IT topics into simple, easy-to-understand ideas. With years of hands-on experience in system administration and enterprise IT operations, he’s developed a knack for offering practical tips and solutions. Richard aims to make technology more accessible and actionable. He's deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions.
No comments yet — be the first to share your thoughts!