Microsoft today announced its plans to disable TLS 1.0 and 1.1 by default in supported versions of Edge and IE 11 in the first half of 2020. Even though there are no known vulnerabilities with Microsoft’s implementations of TLS 1.0 and TLS 1.1, vulnerable third-party implementations are there in the market. So, Microsoft is making this move to ensure secure browsing experience for all internet users. The upcoming TLS 1.3 standard is currently in development for a future version of Edge. Microsoft is now recommending websites to move off of TLS 1.0 and 1.1 as soon as possible.
We expect the IETF to formally deprecate TLS 1.0 and 1.1 later this year, at which point protocol vulnerabilities in these versions will no longer be addressed by the IETF.