Nexus365 and TLS – update to TLS1.2!

Microsoft are planning to discontinue support for the older 1.0 and 1.1 versions of Transport Layer Security (TLS) in Microsoft Office 365 from the end of October 2018.

TLS is the successor to the (now deprecated) Secure Sockets Layer  protocol which was designed to provide secure communications over a network. The protocol’s job is to provide reliable privacy and data integrity between client and server- so it is important that Nexus365 only implements current fully-supported versions.

The TLS protocol builds on Netscape’s original SSL specifications from the mid 1990s, which added HTTPS support to Netscape Navigator. TLS was first defined in 1999 with the specification updated in 2008 (RFC5246) and again in 2011 to ensure TLS was used in preference to SSL (RFC6176).

TLS 1.0 originally  included an option to downgrade to SSL3, weakening security and potentially allowing known attack vectors to be exploited. The revised TLS 1.1 dates from early 2006, and was again revised in the summer of 2008 with TLS 1.2 becoming a standard. Dropping support for versions of TLS older than v1.2 will thefore be mandating use of a protocol that has been around for a decade. Only the oldest, least regularly updated client software, should be unable to connect using TLS 1.2. In fact some browsers already support TLS 1.3, currently a draft standard, dating from March 2018.

The October 2018 deadline for dropping TLS 1.0 and 1.1 support already represents a postponement of Microsoft’s original planned date, so is unlikely to be extended further.

To ensure you can still use secure connections to Nexus365 after the end of October 2018 all client and browser software used to access Nexus365 must therefore be using TLS 1.2 or later. This may mean you need to update, or replace, your software in order to connect securely. Any TLS-related connectivity issues logged in support tickets relating to Nexus365 will require an update to TLS 1.2 as part of the resolution.

Examples of software known to use old versions of TLS:

  • Android 4.3 (and earlier)
  • Firefox version 5.0 (and earlier – and any related forks of it)
  • Internet Explorer 8-10 on Windows 7 (and earlier)
  • Internet Explorer 10 on Windows Phone 8.0
  • Safari 6.0.4/OS X10.8.4 (and earlier)

Analysis shows that, as a proportion of all traffic, very little of it is TLS 1.0 and 1.1 usage. Please note that we are not mandating that you cease using older versions of TLS for other functions. If you are still using TLS for other purposes you can leave it enabled for those functions – however TLS 1.2 should be enabled for secure connections to Nexus365 in addition to those.  This should ensure that you avoid future TLS connectivity issues when accessing Nexus365.

Posted in Uncategorized | Leave a comment

Leave a Reply