As of October 15th, Office 365 will no longer support the versions of the Transport Layer Security (TLS) 1.0 and 1.1 protocol that are considered unsafe. According to the company, the implementation of TLS 1.0 does not have any known vulnerabilities, but the measure is intended to protect users from protocol downgrade attacks in the future – especially since TLS 1.0 is now more than 20 years old.
Actually, Microsoft and other software providers wanted to deactivate TLS 1.0 and 1.1 in their products earlier. However, the first wave of the COVID-19 pandemic earlier this year upset individual companies’ plans.
“We temporarily stopped implementing TLS 1.0 and 1.1 shutdown for commercial customers due to COVID-19, but as the supply chains have adjusted and certain countries are reopening, implementation is now starting on October 15th,” Microsoft said With.
Microsoft and other providers have been pushing their customers longer to switch to TLS version 1.2. In addition, support for the older versions must also be discontinued, since otherwise systems can be made to use an older protocol version within the framework of backward compatibility. Among other things, the major browser providers had this, , Microsoft and already agreed in 2018.
Mozilla had implemented the change even before the Corona crisis began and reactivated support for TLS 1.0 and 1.1 in March to ensure that users can still access government websites. Microsoft also postponed the shutdown of the old protocol versions required for the establishment of HTTPS connections in March. The versions released last week84 and Edge 84 now lack support for TLS 1.0 and 1.1.
The company from Redmond assumes that the shutdown of the old protocol versions in365 has few noticeable consequences. The end of support has been known for several years and office clients could also use TLS 1.2.
“We recommend that all client-server and browser-server combinations use TLS 1.2 or a newer version to maintain a connection to the Office 365 services. Certain client-server and browser-server combinations may need to be updated, ”says a support document for using TLS 1.2 in Office 365.