TLS 1.1 is set as a recommended value in the latest security baseline

Hello Kayoda23,

Regarding the Windows 11 24H2 security baseline item:

The setting “Enabled: Use TLS 1.1 and TLS 1.2” does not mean that TLS 1.1 is recommended. This reflects what is already enabled by default in Windows, mainly to avoid breaking existing systems or production environments, since some legacy applications may still require TLS 1.1.

From a modern security perspective, the recommendation is to use TLS 1.2 or higher (ideally TLS 1.3) and disable TLS 1.1 wherever possible.

In short, TLS 1.1 is included for compatibility reasons, not as a best-practice recommendation.

Thanks,

Moetaz RABAI