Microsoft: the Linux software repository will no longer support TLS 1.0/1.1 on September 24, 2020

Microsoft announced that it plans to stop supporting the insecure TLS 1.0 and TLS 1.1 protocols in its Linux software repository from September 24, 2020.

TLS 1.0 and 1.1 were initially scheduled to be phased out in the first half of 2020. However, affected by the global outbreak of new coronavirus, Microsoft said at the time that it planned to postpone the elimination of TLS 1.0 and 1.1 versions of its browsers until the epidemic was effectively controlled in the second half of the year.

TLS is a security protocol used to encrypt the communication channel between a website and a web browser. The original TLS 1.0 specification and its TLS 1.1 subsequent versions have been used for about 20 years.

Microsoft builds and supports various software products for Linux systems and makes them available through the package repository on packages.microsoft.com. The announcement stated, “To support modern security standards, packages.microsoft.com will discontinue support for package downloads over Transport Layer Security (TLS) 1.0 and 1.1 protocols as of September 24, 2020. This means that any connection using these protocols will no longer work as expected, and no support will be provided.” In order to be able to continue to access packages hosted on packages.microsoft.com after this date, the organization must enable TLS 1.2 or higher.

The company emphasized that because of security risks, companies should abandon the old version. It is recommended that all organizations remove all TLS 1.0 and 1.1 dependencies in their environment as soon as feasible, and disable TLS 1.0/1.1 at the operating system level. As of now, all parties have less than one month to prepare for the change.