14 DAY TRIAL // Microsoft is one of the companies that are pushing for the migration to TLS 1.2 for obvious reasons, and more recently, the software giant announced a change concerning its Linux app repository.
Hosted at packages.microsoft.com, the collection of software for Linux will no longer allow TLS 1.0 and TLS 1.1, with the company explaining that beginning with September 24, TLS 1.2 will be mandatory.
In other words, clients not using TLS 1.2 will no longer be allowed to download Linux packages from Microsoft, and the firm emphasizes that companies should give up on the older version due to security risks.
TLS 1.2 mandatory starting with late September
Disabling TLS 1.0 and 1.1 at operating system is something that companies should do, Microsoft says, and all dependencies should be removed from devices in their fleets.
“Microsoft builds and supports a variety of software products for Linux systems and makes them available via package repositories on packages.microsoft.com. To support modern security standards, packages.microsoft.com will discontinue support for package downloads over Transport Layer Security (TLS) 1.0 and 1.1 protocols as of September 24, 2020,” Microsoft explains.
“This means that any connection using these protocols will no longer work as expected, and no support will be provided. In order to continue to access packages from packages.microsoft.com after that date, organizations will need to enable TLS 1.2 (or a later version).”
Companies thus have less than a month to prepare for the change, albeit there’s a chance not a lot of them would be caught unguarded. Microsoft moving away from TLS 1.0 and 1.1 is something that’s been known for a while, and the software giant itself tried to encourage the migration to TLS 1.2 on multiple occasions. So right now, moving everything to TLS 1.2 is something that just makes sense.