TLS 1.1 is set as a recommended value in the latest security baseline

Hello Kayoda23,

Regarding the Windows 11 24H2 security baseline item:

The setting “Enabled: Use TLS 1.1 and TLS 1.2” does not mean that TLS 1.1 is recommended. This reflects what is already included in configuration options, mainly to avoid breaking existing systems or production environments, since some legacy applications may still require TLS 1.1 like SQL server 2012, 2014 and 2016.

From a modern security perspective, the recommendation is to use TLS 1.2 or higher (ideally TLS 1.3) and disable TLS 1.1 wherever possible.

In short, TLS 1.1 is included for compatibility reasons, not as a best-practice recommendation.

Thanks,

Moetaz RABAI