Microsoft Making TLS 1.2 Mandatory for Office 365
The company is quietly deprecating TLS 1.0 and TLS 1.1
Microsoft has announced plans to enforce TLS 1.2 on its Office 365 platform. Starting on March 1, 2018 all client-server and browser-server combinations must use TLS 1.2 or later protocol versions (1.3) to be able to connect to Office 365 services without issue.
Although current analysis of connections to Microsoft Online services shows that very few customers still use TLS 1.0 and 1.1, we are providing notice of this change so that you can update any affected clients or servers as necessary before support for TLS 1.0 and 1.1 is disabled. If you are using any on-premises infrastructure for hybrid scenarios or Active Directory Federation Services, make sure that these infrastructures can support both inbound and outbound connections that use TLS 1.2.
TLS 1.3 is gaining wider support and the older versions of TLS are beginning to represent a potential security threat. Microsoft was quick to assure people that its TLS 1.0 implementation has no known security vulnerabilities.
Because of the potential for future protocol downgrade attacks and other TLS vulnerabilities, we are disabling the use of TLS 1.0 and 1.1 in the service.
TLS or Transport Layer Security is successor to SSL. That being said, they’re still colloquially know as SSL certificates, previous versions of the SSL protocol have been found vulnerable to it has no been fully deprecated. And with release of TLS 1.3, you can expect more and more companies to end support for 1.0 and 1.1.
Microsoft provided a link to a recent white paper to help with any TLS 1.0 dependencies.
If you’d like to know more about cipher suites and TLS versions, you can find it here.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownA Call To Let’s Encrypt: Stop Issuing “PayPal” Certificates
in Industry Lowdown