Microsoft will finally retire aging TLS 1.0 and 1.1 protocols

News
By Anthony Spadafora
published

Office 365 will no longer support these legacy TLS protocols

Microsoft logo
(Image credit: Shutterstock)

Microsoft has revealed that it will enforce the deprecation of the legacy Transport Layer Security (TLS) web protocols TLS 1.0 and 1.1 in Office 365 on October 15 of this year.

Although the software giant's TLS 1.0 implementation does not have any known security vulnerabilities, the company has decided to discontinue support for the aging protocol due to the potential for future protocol downgrade attacks and other possible TLS vulnerabilities.

Originally Microsoft and other browser vendors had planned to disable TLS 1.0 and 1.1 earlier this year. However, these plans were put on hold once the pandemic began. In a recently updated document though, Microsoft announced the new enforcement date, saying:

“We temporarily halted deprecation enforcement of TLS 1.0 and 1.1 for commercial customers due to covid-19, but as supply chains have adjusted and certain countries open back up, we are resetting the TLS enforcement to start Oct 15, 2020.”

TLS 1.0 and 1.1

The plan to retire TLS 1.0 and 1.1 in the beginning of 2020 was first announced back in 2018. To prepare for this, Microsoft and other browser makers urged customers to adopt TLS 1.2 instead. Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari were even planning to show error messages from March or April on sites that still used TLS 1.0 and 1.1.

In order to ensure that people could still access government sites during lockdowns, Mozilla temporarily re-enabled support for TLS 1.0 and 1.1 in March. Microsoft and Google then decided to defer disabling the aging TLS protocols until the release of Microsoft Edge 84 and Chrome 84

The updated versions of both browsers have now been released which is why Microsoft now believes it is time to enforce the deprecation of these legacy TLS protocols in Office 365.

The software giant expects the effect of the change to be “minimal” since the deprecation of TLS 1.0 and 1.1 has been known about since 2017.

Via ZDNet

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.