Microsoft is one of the companies pushing for the migration to TLS 1.2 for obvious reasons, and more recently the software giant announced a change to its Linux application repository.
Hosted at packages.microsoft.com, the Software Collection for Linux will no longer allow TLS 1.0 and TLS 1.1, with the company explaining that starting September 24, TLS 1.2 will be mandatory.
In other words, customers not using TLS 1.2 will no longer be allowed to download Linux packages from Microsoft, and the firm stresses that companies should ditch the old version due to security risks.
TLS 1.2 compulsory from the end of September
Disabling TLS 1.0 and 1.1 on the operating system is something businesses should do, Microsoft says, and all dependencies should be removed from devices in their fleets.
“Microsoft creates and supports a variety of software products for Linux systems and makes them available through package repositories at packages.microsoft.com. To support modern security standards, packages.microsoft.com will stop supporting package downloads through Transport Layer Security (TLS) 1.0 and 1.1 protocols effective September 24, 2020, ”Microsoft explains.
“This means that any connection using these protocols will no longer work as expected and no support will be provided. In order to continue to access packages from packages.microsoft.com after this date, organizations will need to enable TLS 1.2 (or later).
This gives businesses less than a month to prepare for the change, although there is a chance that few will be caught off guard. Microsoft is moving away from TLS 1.0 and 1.1 is something that has been known for some time, and the software giant itself has tried to encourage migration to TLS 1.2 on several occasions. So, for now, moving everything to TLS 1.2 is something that makes sense.