Solving the TLS 1.0 problem

By Andrew Marshall, Principal Security Program Manager, Customer Security and Trust

February 11, 2019

The use of Transport Layer Security (TLS) encryption for data in transit is a common way to help ensure the confidentiality and integrity of data transmitted between devices, such as a web server and a computer. However, in recent years older versions of the protocol have been shown to have vulnerabilities, and therefore their use should be deprecated.

We have been recommending the use of TLS 1.2 and above for some time. To help provide guidance, we are pleased to announce the release of the Solving the TLS 1.0 Problem, 2nd Edition white paper. The goal of this document is to provide the latest recommendations that can help remove technical blockers to disabling TLS 1.0 while at the same time increasing visibility into the impact of this change to your own customers. Completing such investigations can help reduce the business impact of the next security vulnerability in TLS 1.0.

In the second edition update we added the following:

Updates covering all of the new products and features Microsoft has shipped since the first version of the white paper, including IIS custom logging fields for weak TLS detection, TLS 1.2 backports to legacy OSes, and more.
Introduction of the Office 365 Secure Score Customer Reporting Portal to help Office 365 tenant admins quantify their customers’ own weak TLS usage.
Much more detail on .NET recommendations and best practices to ensure the usage of TLS 1.2+.
Pointers to DevSkim rules for detection and prevention of TLS hardcoding.
Tips for using PowerShell with TLS 1.2.

Read the Solving the TLS 1.0 Problem, 2nd Edition white paper to learn more.

Best practices

Incident response

Microsoft Incident Response

Cybercrime
Published Jun 29, 2023

3 min read
Patch me if you can: Cyberattack Series

The Microsoft Incident Response team takes swift action to help contain a ransomware attack and regain positive administrative control of the customer environment.
Best practices

AI and machine learning

Microsoft Intune
Published Jun 26, 2023

7 min read
Why endpoint management is key to securing an AI-powered future

With the coming wave of AI, this is precisely the time for organizations to prepare for the future. To be properly ready for AI, Zero Trust principles take on new meaning and scope. The right endpoint management strategy can help provide the broadest signal possible and make your organization more secure and productive for years to come.
News

Email security
Published May 19, 2023

3 min read
Cyber Signals: Shifting tactics fuel surge in business email compromise

Business email operators seek to exploit the daily sea of email traffic to lure victims into providing financial and other sensitive business information.
Events

Security management

Microsoft Defender
Published May 15, 2023

8 min read
Microsoft Security highlights from RSA Conference 2023

At RSA Conference April 24 to 26, 2023, Microsoft Security shared solution news and insights. Watch Vasu Jakkal’s keynote on-demand (video courtesy of RSA conference).

Solving the TLS 1.0 problem

Related Posts

Patch me if you can: Cyberattack Series

Why endpoint management is key to securing an AI-powered future

Cyber Signals: Shifting tactics fuel surge in business email compromise

Microsoft Security highlights from RSA Conference 2023

Get started with Microsoft Security