MS TLS1.0 and 1.1 deprecation affecting Office 365

  • calebgk
    Technician
    • Jan 2019
    • 21

    #1

    MS TLS1.0 and 1.1 deprecation affecting Office 365

    Does anyone know if Microsoft finally deprecated TLS 1.0 and TLS 1.1 on the weekend? They had this scheduled for October 2020, but it was delayed due to the pandemic. I had 15 calls this morning for O365 SMTP not working on our Kyocera MFPs. Set up O365 with STARTTLS on port 587, same as they always have been, but they start getting x4803, which is an SSL error. I remove SSL3.0/TLS1.0 and TLS1.1 from both Serverside and Clientside settings of Network Security, and scan to email starts working again. I leave TLS 1.2 enabled, as well as SHA1 and SHA2 as they are needed for KFS. Has anyone else come across this situation starting only this week?
  • rthonpm
    Field Supervisor

    2,500+ Posts
    • Aug 2007
    • 2849

    #2
    Re: MS TLS1.0 and 1.1 deprecation affecting Office 365

    Support for TLS 1.0, 1.1, and 3DES ciphers in Microsoft 365 ends 31 January, 2022.

    At this point there's not much reason to keep anything older than TLS 1.2 enabled on any device as it just opens the possibility of downgrade attacks.


    • copyman20
      Trusted Tech

      100+ Posts
      • Feb 2008
      • 207

      #3
      Re: MS TLS1.0 and 1.1 deprecation affecting Office 365

      Originally posted by calebgk
      Does anyone know if Microsoft finally deprecated TLS 1.0 and TLS 1.1 on the weekend? They had this scheduled for October 2020, but it was delayed due to the pandemic. I had 15 calls this morning for O365 SMTP not working on our Kyocera MFPs. Set up O365 with STARTTLS on port 587, same as they always have been, but they start getting x4803, which is an SSL error. I remove SSL3.0/TLS1.0 and TLS1.1 from both Serverside and Clientside settings of Network Security, and scan to email starts working again. I leave TLS 1.2 enabled, as well as SHA1 and SHA2 as they are needed for KFS. Has anyone else come across this situation starting only this week?
      Some of our customers are getting intermittent 4803 errors. It was sort of hard to pin down what was going on because we test the settings with an OK result. 20 minutes later, 4803.
      We were going to have some devices with TLS1.0, 1.1, 1.2 all selected on both server and client side and some with only TLS 1.2 turned on.


      • kilgan
        Junior Member
        • Oct 2021
        • 3

        #4
        Re: MS TLS1.0 and 1.1 deprecation affecting Office 365

        Originally posted by copyman20
        Some of our customers are getting intermittent 4803 errors. It was sort of hard to pin down what was going on because we test the settings with an OK result. 20 minutes later, 4803.
        We were going to have some devices with TLS1.0, 1.1, 1.2 all selected on both server and client side and some with only TLS 1.2 turned on.
        I am getting the same thing.


        Even with 1.2 just checked. (attached) I am still getting errors.

        Is there any resolution to this issue?

        My Version Info on our TASKalfa 4501i

        System : 2N9_2000.004.505
        Engine : 2N7_1000.004.002
        Panel : 2N4_7000.004.501
        Scanner : 2N4_1200.003.001
        FAX : 3N6_5100.B06.001
        Last edited by kilgan; 10-20-2021, 11:29 PM. Reason: updated with version


        • Brianneoe
          Trusted Tech

          250+ Posts
          • May 2015
          • 318

          #5
          Re: MS TLS1.0 and 1.1 deprecation affecting Office 365

          Kyocera help desk helped with this one and it worked. Go to network security, turn off SSL, TLS 1.0 and 1.1. Leave TLS 1.2 enabled, as well as SHA1 and SHA2 as they are needed for KFS.


          • calebgk
            Technician
            • Jan 2019
            • 21

            #6
            Re: MS TLS1.0 and 1.1 deprecation affecting Office 365

            3DES encryption was deprecated along with TLS 1.0 and 1.1. Turn off 3DES under Effective Encryption. And make these changes under both Serverside and Clientside. That's been working for about 40 of my clients who have called in about this.


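For the TLS-version and 3DES settings discussed in the posts above, one way to confirm what a device really offers after a settings change is to capture the TLS ClientHello it sends after STARTTLS on port 587 and inspect it. The following is an added example, not part of any post in this thread or of any vendor's tooling; `audit_client_hello` and `sample_hello` are hypothetical names and the sample record is constructed. A ClientHello carries only the highest version the client supports, so this shows whether the device can reach TLS 1.2 and whether 3DES suites are still offered, not whether TLS 1.0/1.1 remain enabled as fallbacks.

```python
TRIPLE_DES = {0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",  # IDs from the IANA registry
              0x0013: "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
              0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
              0xC008: "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
              0xC012: "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
def audit_client_hello(record: bytes) -> dict:
    """Report the highest TLS version and any 3DES suites in one ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    data, pos = record[5:5 + int.from_bytes(record[3:5], "big")], 0
    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated ClientHello")
        pos += n
        return data[pos - n:pos]
    if take(1) != b"\x01":
        raise ValueError("handshake message is not a ClientHello")
    take(3)                                        # handshake length
    top = int.from_bytes(take(2), "big")           # client_version
    take(32)                                       # random
    take(take(1)[0])                               # session_id
    raw = take(int.from_bytes(take(2), "big"))     # cipher_suites
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    take(take(1)[0])                               # compression_methods
    if pos < len(data):                            # extensions are optional
        ext_len = int.from_bytes(take(2), "big")
        ext_end = pos + ext_len
        while pos < ext_end:
            ext_type = int.from_bytes(take(2), "big")
            ext = take(int.from_bytes(take(2), "big"))
            if ext_type == 0x002B:                 # supported_versions overrides client_version
                seen = [int.from_bytes(ext[i:i + 2], "big") for i in range(1, len(ext), 2)]
                top = max((v for v in seen if v in VERSIONS), default=top)
    return {"max_version": VERSIONS.get(top, hex(top)), "tls12_capable": top >= 0x0303,
            "triple_des": [TRIPLE_DES[s] for s in suites if s in TRIPLE_DES]}

def sample_hello(version: int, suites: list) -> bytes:
    """Constructed sample input: a minimal ClientHello record with no extensions."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    body = (version.to_bytes(2, "big") + bytes(32) + b"\x00"
            + len(cs).to_bytes(2, "big") + cs + b"\x01\x00")
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    print(audit_client_hello(sample_hello(0x0301, [0x002F, 0x000A])))
```

Feed it the raw bytes of the first TLS record the device sends after the server's `220` reply to STARTTLS, exported from a packet capture.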
            • toddanderson
              Trusted Tech

              100+ Posts
              • Dec 2005
              • 235

              #7
              Re: MS TLS1.0 and 1.1 deprecation affecting Office 365

              Are you talking about any Kyocera devices? And turning off 3DES?

              Originally posted by calebgk
              3DES encryption was deprecated along with TLS 1.0 and 1.1. Turn off 3DES under Effective Encryption. And make these changes under both Serverside and Clientside. That's been working for about 40 of my clients who have called in about this.


              • calebgk
                Technician
                • Jan 2019
                • 21

                #8
                Re: MS TLS1.0 and 1.1 deprecation affecting Office 365

                I just work with Kyocera, so I can't comment on other equipment. But we have been turning off 3DES along with TLS 1.0 and 1.1, as they were listed together in MS's end-of-life announcement from last year. Not sure if it has any bearing on O365 errors listed above.

                Note: Network fax driver for Kyocera needs SSL to communicate with MFP, so only turn off SSL3.0, TLS1.0/1.1/3DES on clientside settings, and leave SSL3.0/TLS1.0 enabled on serverside settings, otherwise network fax driver will stop working.


                • bronco31
                  Trusted Tech

                  Site Contributor
                  100+ Posts
                  • Aug 2009
                  • 174

                  #9
                  Re: MS TLS1.0 and 1.1 deprecation affecting Office 365

                  Also here... various office Kyoceras unable to scan to O365.

                  I'm hazy on server vs client side... what's the difference? The Kyo Command Center Guide under Network Security Settings (to turn on/off SSL3/TLS/encryption/hash etc.)... there's a setting for both server and client side... client side being the PC side? I'm cornfused.


                  But OK, thx Brian... will try this:

                  "Kyocera help desk helped with this one and it worked. Go to network security, turn off SSL, TLS 1.0 and 1.1. Leave TLS 1.2 enabled, as well as SHA1 and SHA2"

                  "3DES encryption was deprecated along with TLS 1.0 and 1.1. Turn off 3DES under Effective Encryption. And make these changes under both Serverside and Clientside. That's been working for about 40 of my clients who have called in about this."


                  • jcassidy
                    Junior Member
                    • Aug 2021
                    • 7

                    #10
                    Re: MS TLS1.0 and 1.1 deprecation affecting Office 365

                    Haven't gotten a look yet, but some Sharp have come up late this afternoon. Had Kyoceras last Friday.


                    • calebgk
                      Technician
                      • Jan 2019
                      • 21

                      #11
                      Re: MS TLS1.0 and 1.1 deprecation affecting Office 365

                      Originally posted by bronco31
                      Also here... various office Kyoceras unable to scan to O365.

                      I'm hazy on server vs client side... what's the difference? The Kyo Command Center Guide under Network Security Settings (to turn on/off SSL3/TLS/encryption/hash etc.)... there's a setting for both server and client side... client side being the PC side? I'm cornfused.
                      You could simplistically look at it as Serverside as Incoming (like network fax coming into MFP from a PC) and Clientside as Outgoing (like MFP sending email out thru SMTP). Not a true explanation, but it's the basic idea.


                      • eescamilla
                        Technician

                        50+ Posts
                        • Aug 2015
                        • 58

                        #12
                        Re: MS TLS1.0 and 1.1 deprecation affecting Office 365

                        Originally posted by calebgk
                        I just work with Kyocera, so I can't comment on other equipment. But we have been turning off 3DES along with TLS 1.0 and 1.1, as they were listed together in MS's end-of-life announcement from last year. Not sure if it has any bearing on O365 errors listed above.

                        Note: Network fax driver for Kyocera needs SSL to communicate with MFP, so only turn off SSL3.0, TLS1.0/1.1/3DES on clientside settings, and leave SSL3.0/TLS1.0 enabled on serverside settings, otherwise network fax driver will stop working.
                        Would older series models like a 3500i have all those security options? I think those have the older style web interfaces.


                        • Santander
                          Senior Tech

                          Site Contributor
                          500+ Posts
                          • May 2009
                          • 768

                          #13
                          Re: MS TLS1.0 and 1.1 deprecation affecting Office 365

                          Originally posted by eescamilla
                          Would older series models like a 3500i have all those security options? I think those have the older style web interfaces.
                          No they do not. Microsoft had some push back on this and have enabled a new endpoint on the site that allows legacy devices like the 3500i. This is info I got from the MS O365 website:

                          To take advantage of this new endpoint, admins will have to:
                          1. Set the AllowLegacyTLSClients parameter on the Set-TransportConfig cmdlet to True.
                          2. Legacy clients and devices will need to be configured to submit using the new endpoint smtp-legacy.office365.com

                          Hope this helps, I will be trying it tomorrow on a customer's 4500i


                          • calebgk
                            Technician
                            • Jan 2019
                            • 21

                            #14
                            Re: MS TLS1.0 and 1.1 deprecation affecting Office 365

                            Originally posted by Santander
                            No they do not. Microsoft had some push back on this and have enabled a new endpoint on the site that allows legacy devices like the 3500i. This is info I got from the MS O365 website:

                            To take advantage of this new endpoint, admins will have to:
                            1. Set the AllowLegacyTLSClients parameter on the Set-TransportConfig cmdlet to True.
                            2. Legacy clients and devices will need to be configured to submit using the new endpoint smtp-legacy.office365.com

                            Hope this helps, I will be trying it tomorrow on a customer's 4500i
                            Please report back on this. I haven't tried the legacy settings yet. This is only supposed to work until Feb, so I encourage my clients to find alternative SMTP now.


                            • slimslob
                              Retired

                              Site Contributor
                              25,000+ Posts
                              • May 2013
                              • 37351

                              #15
                              Re: MS TLS1.0 and 1.1 deprecation affecting Office 365

                              Originally posted by Santander
                              No they do not. Microsoft had some push back on this and have enabled a new endpoint on the site that allows legacy devices like the 3500i. This is info I got from the MS O365 website:

                              To take advantage of this new endpoint, admins will have to:
                              1. Set the AllowLegacyTLSClients parameter on the Set-TransportConfig cmdlet to True.
                              2. Legacy clients and devices will need to be configured to submit using the new endpoint smtp-legacy.office365.com

                              Hope this helps, I will be trying it tomorrow on a customer's 4500i
                              Originally posted by calebgk
                              Please report back on this. I haven't tried the legacy settings yet. This is only supposed to work until Feb, so I encourage my clients to find alternative SMTP now.
                              It is simply a relay server. It receives the incoming emails, adds the necessary protocols and relays the emails on to the Office 365 server cloud. It saves major corporate IT companies from having to set up their own relay services.
