Microsoft To Enables TLS 1.3 By Default In Windows 10 Test Builds

Microsoft has said it plans to enable the TLS 1.3 security protocol by default in Windows 10 Insider Preview test builds, beginning with Build 20170, as part of a broader rollout to Windows 10 systems.

The move is a significant step in deploying TLS 1.3, which deprecates TLS 1.2 and includes tighter security features.

TLS, or Transport Layer Security, is the world’s most deployed security protocol, encrypting data to provide secure communications between two endpoints.

Versions of the protocol are used in applications such as web browsing, email, instant messaging and Voice over IP.

Tighter security

TLS 1.3 tightens security by eliminating obsolete cryptographic algorithms, enhancing security when using older versions and encrypting as much as possible of the handshake, the negotiation that sets up a session.

The new protocol uses only three cipher suites, reducing complexity while improving security and interoperability.

It also uses a minimal set of cleartext protocol bits on the wire, which helps facilitate the deployment of future TLS versions and makes less user information visible over the network, Microsoft said.

Previous TLS versions exposed clients’ identity during client authentication unless it was accomplished via renegotiation, but the latest version keeps client authentication confidential.

“The protocol enables encryption earlier in the handshake, providing better confidentiality and preventing interference from poorly designed middle boxes,” said programme manager Sunny Zankharia and principal software engineer Andrei Popov, of Microsoft’s enterprise and OS security group, in a blog post.

Encryption

“TLS 1.3 encrypts the client certificate, so client identity remains private and renegotiation is not required for secure client authentication.”

They said Microsoft recommends developers to begin testing TLS 1.3 in their applications and services right away.

The Microsoft Edge Legacy and Internet Explorer browsers can be configured to enable TLS 1.3 via the Advanced Settings menu, Microsoft said.

Chromium-based Microsoft Edge does not use the Windows TLS stack and is configured independently using the Edge://flags dialogue.

TLS 1.3 support is to be added to .Net beginning with version 5.0, the company said.

It noted that the three cipher suites supported in the Windows TLS stack are TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384 and TLS_CHACHA20_POLY1305_SHA256.

Microsoft, Google, Apple and Mozilla said in October 2018 they would retire the deprecated TLS 1.0 and TLS 1.1 protocols in the first half of 2020.

However, the transition has been delayed to the second half of the year due to the novel coronavirus pandemic.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago