Microsoft TLS 1.3 Support Reference

Premier Developer

Developer

App Dev Manager Al Mata highlights important support information for helping teams prepare changes coming with TLS versions used by Microsoft technologies.


Background on TLS

Transport Layer Security (TLS) is a security protocol. It is most used to secure data between a web browser (Client) and website (Server) via HTTPS at the Transport layer.  It ensures the parties are who they are, and data retains integrity through encryption.

TLS 1.0 and 1.1 are going to start getting deprecated n 2020 for some products with version 1.2 is in use, and 1.3 will start to gain widespread use. An example is O365 guidance – https://docs.microsoft.com/en-us/office365/troubleshoot/security/prepare-tls-1.2-in-office-365. Take a look at each product site under security and identify your product support for TLS 1.0 and 1.1. Contact your Microsoft Premier ADM for further information.

Microsoft Guidance

Reference this document for the latest guidance on rapidly identifying and removing TLS protocol version 1.0 dependencies in software built on top of Microsoft operating systems via this article https://docs.microsoft.com/en-us/security/solving-tls1-problem.

Will TLS 1.3 be supported in browsers like IE/Edge/chrome-edge?

TLS/1.3 is supported in all versions of Chromium-based Edge (and will be supported on all platforms.  The Chromium based Edge just went GA so this should be good to go.  Chrome and Firefox and other chromium-based browsers support TLS 1.3.

As the TLS 1.3 was only ratified at the end of CYH1 there is no official roadmap that is published as release of this article.  The supported protocols still only go up to TLS 1.2.  There is not roadmap of TLS 1.3 support but the TLS best practices site does state “TLS 1.2 is a standard that provides security improvements over previous versions. TLS 1.2 will eventually be replaced by the newest released standard TLS 1.3 which is faster and has improved security”

Will TLS 1.3 be supported in Windows 10 and Server?

TLS 1.3 is also supported on Windows 1903 as of release of this article for testing purposes only, not production environment.

Will TLS 1.3 be supported on .NET?

For .NET, the official guidance at this point (via the best practices page above) is to rely on the underlying OS to provide the TLS version (which will automatically default to the strongest available version of the TLS protocol), and avoid hardcoding/specifying an explicit TLS version in application code.

Starting with .NET Framework 4.7, the default configuration is to use the OS TLS version.

Other links which may be helpful: https://github.com/dotnet/docs/issues/4675 and https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls

Will TLS 1.3 be supported in SQL Server?

For SQL, it is currently not supported, it does support TLS 1.2. Confirming support for TLS 1.3 is in the roadmap and will share details when released. For now reference the article below:

https://support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server

What other components should I be aware of that use TLS?

Enforcement of TLS 1.2 for connections to Microsoft Defender ATP Microsoft Defender ATP Blog Microsoft Defender ATP is deprecating the use of TLS 1.0 and 1.1. Beginning March 16, 2020, customers and partners will be required to use TLS 1.2 and above for all communications with their API integrations.

Other Articles

Solving the TLS 1.0 Problem, 2nd Edition

https://docs.microsoft.com/en-us/security/solving-tls1-problem

Transport Layer Security (TLS) best practices with the .NET Framework.

https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls

If your app targets .NET Framework 3.5

https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#if-your-app-targets-net-framework-352

Preparing to use TLS 1.2 in Office 365

https://support.microsoft.com/en-us/help/4057306/preparing-for-tls-1-2-in-office-365

Preparing for the mandatory use of TLS 1.2+

https://docs.microsoft.com/en-us/sysinternals/announce/tlsdeprecation

TLS 1.0 and 1.1 deprecation for Office 365

https://support.office.com/en-us/article/tls-1-0-and-1-1-deprecation-for-office-365-6b2b6c6c-7a55-4a07-8385-f1cc357a31b0

0 comments

Comments are closed. Login to edit/delete your existing comments