News

Microsoft Delays End of Support for TLS 1.0 and 1.1

• By Kurt Mackie
• 04/02/2020

Microsoft's plan to drop support for Transport Layer Security (TLS) protocols 1.0 and 1.1 in its browsers has been pushed back to the second half (2H) of 2020, the company announced this week.

Browser makers across the board have either already dropped or are in the process of dropping support for those security protocols, instead adopting TLS 1.2 or higher. Back in October 2018, Microsoft indicated that TLS 1.0 and 1.1 support would be removed from its Microsoft Edge and Internet Explorer 11 browsers "in the first half of 2020."

Per the new announcement, that 1H 2020 deadline has been pushed out a bit due to "current global circumstances," which likely refers to the coronavirus pandemic. Here's the new schedule on removing such support for this year.

The Chromium-based Edge browser will lose TLS 1.0 and 1.1 support around July:

For the new Microsoft Edge (based on Chromium), TLS 1.0 and 1.1 are currently planned to be disabled by default no sooner than Microsoft Edge version 84 (currently planned for July 2020).

Other Microsoft browsers will lose TLS 1.0 and 1.1 support around September:

For all supported versions of Internet Explorer 11 and Microsoft Edge Legacy (EdgeHTML-based), TLS 1.0 and TLS 1.1 will be disabled by default as of September 8, 2020.

Office 365 Support Ends in June
Microsoft had an even more aggressive timeline for removing TLS 1.0 and 1.1 support from Office 365 services, but it later backed off from that push, as described in an October 2018 announcement.

A revised Microsoft document (dated March 30, 2020) now indicates that "Microsoft plans to deprecate Transport Layer Security (TLS) versions 1.0 and 1.1 in Office 365 and Office 365 GCC [Government Community Cloud] as of June 2020."

Microsoft is recommending the use of TLS 1.2 or later for "all client-server and browser-server combinations" when connecting to Office 365 services. However, Microsoft's document described cases where certain older clients can't use TLS 1.2, and should be updated.

Users of Microsoft Teams Rooms conferencing appliances should have "app version 4.0.64.0 or later installed," the document recommended.

Skype for Business Server users should not disable TLS 1.0 and 1.1 before installing particular cumulative updates (CUs), namely:

• For Skype for Business Server 2015, CU9 is already released in May 2019.
• For Skype for Business Server 2019, CU1 was previously planned for April 2019 but is delayed to June 2019.

Microsoft outlined the issues with TLS 1.0 and 1.1 in its whitepaper, "Solving the TLS 1.0 Problem." In essence, the older TLS versions were "first defined in 1999," and the switch to upgrade is being compelled by regulatory requirements and the need to avoid possible new security vulnerabilities.