To continue strengthening the security of our communications and align with current industry standards, Webroot will remove support for TLS 1.0 and TLS 1.1 in a future platform update.
This announcement is being shared well in advance to give customers several months to review their environments and ensure TLS 1.2 or higher is enabled. Additional details and timing for this change will be communicated in a future update.
Once this change is implemented, only TLS 1.2 or higher will be accepted for Webroot product communications including the Console, endpoints, and backend services.
This update ensures encrypted communication between Webroot components remains secure, compliant, and compatible with modern operating systems and platforms.
Why This Change Is Important
Transport Layer Security (TLS) is the protocol that secures the exchange of data between your systems and Webroot services.
TLS 1.0 and 1.1 are now deprecated and no longer considered secure by major technology vendors and compliance frameworks (e.g., PCI DSS, NIST, Microsoft, and Apple).
By moving fully to TLS 1.2+, we can:
- Maintain compliance with current security standards.
- Protect customer data against known vulnerabilities.
- Ensure long-term compatibility with updated browsers and operating systems.
Which Systems Are Impacted
Devices that cannot use TLS 1.2 or later will no longer be able to connect to Webroot services.
Unsupported (No TLS 1.2 Capability):
- Windows XP, Vista, Server 2003
- Windows 7 (without SP1)
- Windows Server 2008 (without SP2)
- Windows Server 2012 / 2012 R2 (without updates)
- macOS 10.7 (Lion), macOS 10.8 (Mountain Lion)
Supported with TLS 1.2 Configuration:
The following operating systems can support TLS 1.2 with additional updates or configuration. However, these platforms are considered legacy systems, and we strongly recommend planning upgrades to modern, fully supported operating systems to ensure long term security, compatibility, and support.
- Windows 7 SP1
- Windows Server 2008 SP2
- Windows Server 2008 R2 SP1
- Windows Server 2012 / 2012 R2
If you are using any of these supported versions, TLS 1.2 can be enabled using Microsoft’s official updates:
- Windows 7 SP1 / Server 2008 R2 SP1: KB3140245 - Enable TLS 1.1/1.2 in WinHTTP
- Windows Server 2008 SP2: TLS 1.1/1.2 Support Update
- Windows Server 2012/2012 R2: KB3140245 Update for TLS 1.1/1.2 Support
What You Should Do
To ensure uninterrupted protection and communication between your Webroot agents and consoles:
- Verify the operating systems in your environment.
- Update any affected systems to enable TLS 1.2 where possible.
- Upgrade unsupported OS versions that cannot use TLS 1.2.
- Deploy the latest Webroot agent version, which includes the most up-to-date protocol support.
If assistance is needed, please consult your IT administrator or Microsoft Support.
Important: Failure to take action may result in loss of service for affected devices after deprecation.
Webroot previously completed the transition to TLS 1.2+ for Unity API communications in 2023 as part of our ongoing efforts to modernize platform security.
You can read the earlier announcement here:
https://community.opentextcybersecurity.com/general-182/tls-1-2-and-unity-api-355051
Frequently Asked Questions
Q: Why now?
TLS 1.0 and 1.1 were formally deprecated by major standards bodies several years ago. Many vendors have since phased them out. This change keeps Webroot aligned with those global security practices.
Q: What if I have older servers that can’t enable TLS 1.2?
Those systems will no longer be able to communicate with Webroot services after the cutoff. You’ll need to upgrade to a supported OS version to maintain connectivity.
Q: Will this affect endpoints running the latest Windows or macOS versions?
No. Current operating systems and browsers already use TLS 1.2 or higher by default.
Q: How can I confirm TLS 1.2 is enabled?
Microsoft provides detailed steps in KB 3140245 and related documentation. Your IT administrator can also verify via registry or policy settings.
