Forum Discussion
Remove TLS 1.0/1.1 and 3DES Dependencies
This is a great question. I have read that the issue with the Apple mail native iPhone app was corrected in iOS 10, but I still see iPhones with iOS 10 showing up on the report. I also see one Microsoft Office 2016 client showing up on the report (using Windows 10 OS). I have no idea why that client machine would be using a lower flavor of TLS. I could disable TLS 1.0 and 1.1 on the client machine, but unfortunately, many websites still use 1.0 for whatever reason.
I received an email from Office 365 urging me to run this report, probably like most of you. I ran it and see some TLS 1 usage. It would be nice to get some guidance on this subject from Microsoft. Any pointers anyone can provide would be awesome!
Eric
- AliceChained, Mar 04, 2019, Copper Contributor
But iOS is on ver 12 now?!? Who's still on 10?
Found this thread trying to figure out why I have one iPhone (out of a half dozen) showing on my report.
No one figured that out yet?
- Forrest_H, Mar 25, 2019, Iron Contributor
AliceChained I have been researching the same thing for the past few hours. I even went so far as to post a question on the Apple Community.
I am pulling my hair out because I do not use an iPhone and am unsure how to force them to use TLS 1.2.
In my Security Score Report this is what I see:

| Protocol | Agent | Count |
|---|---|---|
| TLS1.0/1.1 | Apple-iPhone11C8/1604.57 | 2 |
| TLS1.0/1.1 | Apple-iPhone8C1/1604.39 | 1 |
| TLS1.0/1.1 | Apple-iPhone10C4/1604.57 | 3 |

I may have found a clue on one of the other MS Exchange blog sites, about halfway down in the Notes. It seems if the client is using Authenticated SMTP, the Exchange server logs it wrong and TLS 1.2 may be used after all. This blog is referring to Exchange on-prem servers, so I am not sure how relevant it is.
If anyone here knows how to configure TLS 1.2 on the iPhone native mail app, please give me some clues.
Thanks
- AliceChained, Mar 25, 2019, Copper Contributor
Forrest_H From what I've been able to figure out, sometimes these devices just glitch and fail to resolve 1.2, so they fall back to 1.1. Once there is no 1.1 they will stop attempting to fall back and will continue to try 1.2 until it succeeds.
This is so far only my somewhat researched theory. But for example, I will see one iPhone fail today, but succeed tomorrow. This seems to suggest they aren't only able to connect to just 1.1.