What happens if TLS 1.2 is disabled on a Windows machine using Falcon?

Disabling TLS 1.2 on a Windows machine that is running CrowdStrike Falcon will lead the system to negotiate with lower versions of the TLS protocol, specifically TLS 1.1 or TLS 1.0. This is because the CrowdStrike Falcon agent needs to establish a secure connection to the CrowdStrike cloud. If TLS 1.2 is unavailable, the underlying system will typically fall back to the highest supported version of the TLS protocol that is enabled, which will be either TLS 1.1 or TLS 1.0.

The negotiation process is part of the security protocol's design, allowing for compatibility with various clients and servers, especially in scenarios where newer protocols are not supported. However, it's important to note that using older protocols like TLS 1.0 and 1.1 comes with security vulnerabilities that can put the system at risk, which is why TLS 1.2 is encouraged or required.

This context clarifies the behavior of the CrowdStrike Falcon agent in the event of TLS 1.2 being disabled, emphasizing the importance of maintaining up-to-date security protocols.