Microsoft delays plans to disable TLS 1.0 and 1.1 by default in Edge and IE11

In October 2018 Microsoft announced that they will disable support for  TLS 1.0 and 1.1 by default in supported versions of Edge and IE 11 in the first half of 2020.

This is due to a number of vulnerable third-party implementations are in the market. Even though there are no known vulnerabilities with Microsoft’s implementations of TLS 1.0 and TLS 1.1, Microsoft was making the move to ensure secure browsing experience for all internet users.

Due to the unusual demands caused by the COVID-19 pandemic, however, Microsoft has decided to push back their plans, and have announced a new schedule, saying:

For the new Microsoft Edge (based on Chromium), TLS 1.0 and 1.1 are currently planned to be disabled by default no sooner than Microsoft Edge version 84 (currently planned for July 2020).

For all supported versions of Internet Explorer 11 and Microsoft Edge Legacy (EdgeHTML-based), TLS 1.0 and TLS 1.1 will be disabled by default as of September 8, 2020.

Microsoft has made a number of other accommodations to reduce the work of IT admins during this difficult period, including stopping optional non-security Windows updates and keeping older versions of Windows 10 in support. Microsoft is still however recommending websites to move off of TLS 1.0 and 1.1 as soon as possible.