Office 365: Microsoft discontinues support for TLS 1.0 and 1.1

The new date for switching off the old version is October 15th. From then on, Office 365 will only establish HTTPS connections using TLS 1.2 or newer. Microsoft estimates the consequences for users as low.

Microsoft As of October 15th, Office 365 will no longer support the versions of the Transport Layer Security (TLS) 1.0 and 1.1 protocol that are considered unsafe. According to the company, the implementation of TLS 1.0 does not have any known vulnerabilities, but the measure is intended to protect users from protocol downgrade attacks in the future – especially since TLS 1.0 is now more than 20 years old.

Encryption (Image: Shutterstock)Actually, Microsoft and other software providers wanted to deactivate TLS 1.0 and 1.1 in their products earlier. However, the first wave of the COVID-19 pandemic earlier this year upset individual companies’ plans.

“We temporarily stopped implementing TLS 1.0 and 1.1 shutdown for commercial customers due to COVID-19, but as the supply chains have adjusted and certain countries are reopening, implementation is now starting on October 15th,” Microsoft said With.

Microsoft and other providers have been pushing their customers longer to switch to TLS version 1.2. In addition, support for the older versions must also be discontinued, since otherwise systems can be made to use an older protocol version within the framework of backward compatibility. Among other things, the major browser providers had this Apple, Google, Microsoft and Mozilla already agreed in 2018.

Mozilla had implemented the change even before the Corona crisis began and reactivated support for TLS 1.0 and 1.1 in March to ensure that users can still access government websites. Microsoft also postponed the shutdown of the old protocol versions required for the establishment of HTTPS connections in March. The versions released last week Chrome 84 and Edge 84 now lack support for TLS 1.0 and 1.1.

The company from Redmond assumes that the shutdown of the old protocol versions in Office 365 has few noticeable consequences. The end of support has been known for several years and office clients could also use TLS 1.2.

“We recommend that all client-server and browser-server combinations use TLS 1.2 or a newer version to maintain a connection to the Office 365 services. Certain client-server and browser-server combinations may need to be updated, ”says a support document for using TLS 1.2 in Office 365.

Leave a Reply

Your email address will not be published. Required fields are marked *