Transport Layer Security 1.0 and 1.1 disablement
Originally published: September 30, 2020
Please go here to search for your product's lifecycle.
Transport Layer Security (TLS) 1.0 and 1.1 are security protocols for establishing encryption channels over computer networks. Microsoft has supported these protocols since Windows XP/Server 2003. However, due to evolving regulatory requirements as well as new security vulnerabilities in TLS 1.0, Microsoft recommends that customers remove TLS 1.0/1.1 dependencies in their environments and disable TLS 1.0 and 1.1 at the operating system level where possible.
Microsoft is taking the following actions to ensure our entire product stack is more secure. We will continue to update this article as new deprecations and disablements are announced.
Deprecation postponed for Microsoft 365. Due to COVID-19, Microsoft postponed the deprecation of TLS 1.0/1.1 for Microsoft 365/Office 365. However, as supply chains have adjusted and certain countries open back up, TLS enforcement has been reset to start October 15, 2020. Go here to learn more.
Deprecation of TLS 1.0/1.1 in Office 365 GCC High and DoD. Microsoft will deprecate TLS 1.0/1.1 in Office 365 in GCC High and DoD environments starting on January 15, 2020. For more information, go here.
Disablement postponed for Internet Explorer and Microsoft Edge Legacy. TLS 1.0/1.1 will not be disabled by default for Internet Explorer and the legacy version of Microsoft Edge until Spring of 2021 at the earliest. Organizations that wish to disable TLS 1.0 and TLS 1.1 before that time may do so using Group Policy. TLS 1.0/1.1 will remain disabled by default in Microsoft Edge version 84 and later. Go here to learn more.
Support discontinued on packages.microsoft.com. To support modern security standards, packages.microsoft.com will discontinue support for Linux package download over TLS 1.0/1.1 as of September 24, 2020. This means that any connection using these protocols will no longer work as expected, and no support will be provided. To access Linux packages from packages.microsoft.com after that date, organizations will need to enable TLS 1.2 (or a later version). Where possible, Microsoft recommends that organizations remove all TLS 1.0/1.1 dependencies in their environments and disable TLS 1.0/1.1 at the operating system level.
Please go here for additional resources and information:
- Update for TLS 1.1/1.2 support in Windows Server 2012, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1