MS TLS1.0 and 1.1 deprecation affecting Office 365

**calebgk** · 10-13-2021

Does anyone know if Microsoft finally deprecated TLS 1.0 and TLS 1.1 on the weekend? They had this scheduled for October 2020, but it was delayed due to pandemic. I had 15 calls this morning for O365 SMTP not working on our Kyocera MFPs. Setup O365 with STARTTLS on port 587, same as they always have been, but they start getting x4803, which is an SSL error. I remove SSL3.0/TLS1.0 and TLS1.1 from both Serverside and Clientside settings of Network Security, and scan to email starts working again. I leave TLS 1.2 enabled, as well as SHA1 and SHA2 as they are needed for KFS. Has anyone else come across this situation starting only this week?

**rthonpm** · 10-13-2021

Support for TLS 1.0, 1.1, and 3DES ciphers in Microsoft 365 ends 31 January, 2022.

At this point there's not much reason to keep anything older than TLS 1.2 enabled on any device as it just opens the possibility of downgrade attacks.

Sent from my BlackBerry using Tapatalk

**copyman20** · 10-20-2021

Originally Posted by calebgk

Does anyone know if Microsoft finally deprecated TLS 1.0 and TLS 1.1 on the weekend? They had this scheduled for October 2020, but it was delayed due to pandemic. I had 15 calls this morning for O365 SMTP not working on our Kyocera MFPs. Setup O365 with STARTTLS on port 587, same as they always have been, but they start getting x4803, which is an SSL error. I remove SSL3.0/TLS1.0 and TLS1.1 from both Serverside and Clientside settings of Network Security, and scan to email starts working again. I leave TLS 1.2 enabled, as well as SHA1 and SHA2 as they are needed for KFS. Has anyone else come across this situation starting only this week?

Some of our customer are getting intermittent 4803 errors. It was sort of hard to pin down what was going on because we test the settings with OK result. 20 minutes later 4803.
We were going to have some devices with TLS1.0, 1.1, 1.2 all selected on both server and client side and some with with only TLS 1.2 turned on.

**kilgan** · 10-20-2021

Originally Posted by copyman20

Some of our customer are getting intermittent 4803 errors. It was sort of hard to pin down what was going on because we test the settings with OK result. 20 minutes later 4803.
We were going to have some devices with TLS1.0, 1.1, 1.2 all selected on both server and client side and some with with only TLS 1.2 turned on.

I am getting the same thing.

Even with 1.2 just checked. (attached) I am still getting errors.

Is there any resolution to this issue?

My Version Info on our TASKalfa 4501i

System :		2N9_2000.004.505
Engine :		2N7_1000.004.002
Panel :		2N4_7000.004.501
Scanner :		2N4_1200.003.001
FAX :		3N6_5100.B06.001

**Brianneoe** · 10-23-2021

Kyocera help desk helped with this one and it worked..Go to network security, turn off SSL, TLS 1.0 and 1.1 . Leave TLS 1.2 enabled, as well as SHA1 and SHA2 as they are needed for KFS.

**calebgk** · 10-25-2021

3DES encryption was deprecated along with TLS 1.0 and 1.1. Turn off 3DES under Effective Encryption. And make these changes under both Serverside and Clientside. That's been working for about 40 of my clients who have called in about this.

**toddanderson** · 10-25-2021

Are you talking about any kyocera devices ? and turning off 3DES ?

Originally Posted by calebgk

3DES encryption was deprecated along with TLS 1.0 and 1.1. Turn off 3DES under Effective Encryption. And make these changes under both Serverside and Clientside. That's been working for about 40 of my clients who have called in about this.

**calebgk** · 10-25-2021

I just work with Kyocera, so I can't comment on other equipment. But we have been turning off 3DES along with TLS 1.0 and 1.1, as they were listed together in MS's end-of-life announcement from last year. Not sure if it has any bearing on O365 errors listed above.

Note: Network fax driver for Kyocera needs SSL to communicate with MFP, so only turn off SSL3.0, TLS1.0/1.1/3DES on clientside settings, and leave SSL3.0/TLS1.0 enabled on serverside settings, otherwise network fax driver will stop working.

**bronco31** · 10-25-2021

also here..various office Kyocera unable scan to O365

im hazy on server vs client side..whats the difference.. the Kyo Command Center Guide under Network Security Settings (to turn on/off SSL3 /TLS/ encryption/ has etc) .. theres setting for both server and client side.. client side being the PC side? .. im cornfused

but OK, thx Brian...will try this:

"Kyocera help desk helped with this one and it worked..Go to network security, turn off SSL, TLS 1.0 and 1.1 . Leave TLS 1.2 enabled, as well as SHA1 and SHA2

"3DES encryption was deprecated along with TLS 1.0 and 1.1. Turn off 3DES under Effective Encryption. And make these changes under both Serverside and Clientside. That's been working for about 40 of my clients who have called in about this."