The use of Transport Layer Security (TLS) encryption for data in transit is a common way to help ensure the confidentiality and integrity of data transmitted between devices, such as a web server and a computer. However, in recent years older versions of the protocol have been shown to have vulnerabilities, and therefore their use should be deprecated.
We have been recommending the use of TLS 1.2 and above for some time. To help provide guidance, we are pleased to announce the release of the Solving the TLS 1.0 Problem, 2nd Edition white paper. The goal of this document is to provide the latest recommendations that can help remove technical blockers to disabling TLS 1.0 while at the same time increasing visibility into the impact of this change to your own customers. Completing such investigations can help reduce the business impact of the next security vulnerability in TLS 1.0.
In the second edition update we added the following:
- Updates covering all of the new products and features Microsoft has shipped since the first version of the white paper, including IIS custom logging fields for weak TLS detection, TLS 1.2 backports to legacy OSes, and more.
- Introduction of the Office 365 Secure Score Customer Reporting Portal to help Office 365 tenant admins quantify their customers’ own weak TLS usage.
- Much more detail on .NET recommendations and best practices to ensure the usage of TLS 1.2+.
- Pointers to DevSkim rules for detection and prevention of TLS hardcoding.
- Tips for using PowerShell with TLS 1.2.
Read the Solving the TLS 1.0 Problem, 2nd Edition white paper to learn more.
