Forum Discussion
MicrosoftTLS 1.1 is set as a recommended value in the latest security baseline
In the latest security baseline for Windows 11 24H2, the following item is set to "Use TLS 1.1 and TLS 1.2," but could you please explain the reason for this?
Download Microsoft Security Compliance Toolkit 1.0 from Official Microsoft Download Center
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Turn off encryption support
Enabled: Use TLS 1.1 and TLS 1.2
Generally, I believe TLS 1.1 should no longer be used, and that using "TLS 1.2 and TLS 1.3" would be better from a security standpoint.
1 Reply
Hello Kayoda23,
Regarding the Windows 11 24H2 security baseline item:
The setting “Enabled: Use TLS 1.1 and TLS 1.2” does not mean that TLS 1.1 is recommended. This reflects what is already enabled by default in Windows, mainly to avoid breaking existing systems or production environments, since some legacy applications may still require TLS 1.1.
From a modern security perspective, the recommendation is to use TLS 1.2 or higher (ideally TLS 1.3) and disable TLS 1.1 wherever possible.
In short, TLS 1.1 is included for compatibility reasons, not as a best-practice recommendation.
Thanks,
Moetaz RABAI
