Microsoft has revealed that it will enforce the deprecation of the legacy Transport Layer Security (TLS) web protocols TLS 1.0 and 1.1 in Office 365 on October 15 of this year.
Although the software giant's TLS 1.0 implementation does not have any known security vulnerabilities, the company has decided to discontinue support for the aging protocol due to the potential for future protocol downgrade attacks and other possible TLS vulnerabilities.
Originally Microsoft and other browser vendors had planned to disable TLS 1.0 and 1.1 earlier this year. However, these plans were put on hold once the pandemic began. In a recently updated document (opens in new tab) though, Microsoft announced the new enforcement date, saying:
- We've put together a list of the best SSL certificates available
- These are the best browsers on the market
- Surf the web securely with the best VPN
“We temporarily halted deprecation enforcement of TLS 1.0 and 1.1 for commercial customers due to covid-19, but as supply chains have adjusted and certain countries open back up, we are resetting the TLS enforcement to start Oct 15, 2020.”
TLS 1.0 and 1.1
The plan to retire TLS 1.0 and 1.1 in the beginning of 2020 was first announced back in 2018. To prepare for this, Microsoft and other browser makers urged customers to adopt TLS 1.2 instead. Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari were even planning to show error messages from March or April on sites that still used TLS 1.0 and 1.1.
In order to ensure that people could still access government sites during lockdowns, Mozilla temporarily re-enabled support for TLS 1.0 and 1.1 in March. Microsoft and Google then decided to defer disabling the aging TLS protocols until the release of Microsoft Edge 84 and Chrome 84.
The updated versions of both browsers have now been released which is why Microsoft now believes it is time to enforce the deprecation of these legacy TLS protocols in Office 365 (opens in new tab).
The software giant expects the effect of the change to be “minimal” since the deprecation of TLS 1.0 and 1.1 has been known about since 2017.
- We've also highlighted the best antivirus software
Via ZDNet (opens in new tab)