Transport Level Security (TLS) 1.0 and 1.1 is to be axed for users of Microsoft Cloud App Security (MCAS) from 8 September as the company shores up security with a requirement for TLS 1.2+.
It has been a while coming. The company announced that it wanted to kill off TLS 1.0 and 1.1 last year, joining with Apple, Google and Mozilla in agreeing that 2020 would be when the tech would be put out to pasture in favour of newer, shinier and more secure versions.
MCAS is a multimode cloud access security broker. The thinking behind it is to control data travel around the cloud and combat threats arising from the brave, new world. The tool maps an organisation's cloud environment and then allows an administrator to tweak policies defining access and what apps can and can't do.
It can be hard to avoid MCAS: while the thing can be licensed as a standalone product, it also crops up in various guises through Microsoft's labyrinthine subscription options (PDF).
TLS itself is a successor to the venerable Secure Sockets Layer (SSL) originally developed by Netscape back in the day. While SSL 3.0, introduced in 1996, was deprecated in 2015, TLS 1.0 celebrated its 20th birthday this year and looks set to linger into 2020 before software makers finally put a bullet in it.
The technology is all about securing communications over a network. The vast majority of websites use the tech to keep things private between browser and server, with most supporting at least version 1.2. However, while TLS is an improvement on decades past, attackers have taken advantage of implementation flaws in more recent years to decrypt sensitive information.
The latest version of the protocol is version 1.3, which the likes of Google and Mozilla now support, but Microsoft does not, at least in the venerable Internet Explorer 11 browser. The Chromium-based Edge does enjoy the extra security but remains very much a work in progress. ®