Question

VMNerd on Thu, 15 Oct 2015 20:15:54


I am in need of confirming if SharePoint 2013 supports disabling SSL 3.0 and TLS 1.0.

From what I can gather thus far is that SSL 3.0 can be disabled without issue, however SharePoint 2013 currently requires TLS 1.0 to be enabled. I have not been able to find a Microsoft KB article indicating that TLS 1.0 is required to be enabled for SP2013, only a post at the link below.

http://thesharepointfarm.com/2015/08/sharepoint-support-for-disabling-ssl-3-0-and-tls-1-0/

Is anyone aware of a Microsoft KB article, blog or tech article indicating that TLS 1.0 is required to be enabled for SP 2013?

Thank you.


JCashon


Sponsored



Replies

IoTGirl on Thu, 15 Oct 2015 20:24:24


Hi JCashon,

Can you explain your requirement? The known issue is that SSL 3.0 is vulnerable to a POODLE attack and TLS 1.0 will down grade to SSL 3.0 if SSL 3.0 is enabled. The fix is just to disable SSL 3.0 as TLS 1.0 will not downgrade in that case.

https://technet.microsoft.com/en-us/library/security/3009008.aspx?f=255&MSPPError=-2147217396

Sincerely,

IoTGirl

Trevor Seward on Thu, 15 Oct 2015 21:06:14


SharePoint requires TLS v1.0 (it will also use SSL 3, but it can be disabled). This is due to the .NET Framework. An update was later released for the v4.5 Framework, but that requires an application to be recompiled to support TLS v1.1/1.2.

So, in short, you must leave TLS v1.0 enabled for SharePoint 2013.

Victoria Xia on Thu, 22 Oct 2015 03:30:26


Hi JCashon,

I agree with Trevor.

If his reply is helpful, you can make it as answer.

Best regards,

Victoria

bnigl on Wed, 28 Sep 2016 18:30:47


Microsoft has provided an unofficial guide, with official documentation expected to be released soon, to support TLS 1.2 only.

https://blogs.msdn.microsoft.com/rodneyviana/2016/06/28/the-unofficial-guide-for-sharepoint-2013-and-2010-working-with-tls-1-2-only/

TLS 1.0 can be disabled in SharePoint 2010 and SharePoint 2013 using this guidance.  Note, however, there is an issue using Windows Explorer from Windows 7 computers and Windows 2008 servers.  Windows Explorer prior to Windows 10 lacks TLS 1.2 support.

Brian

techs uk on Fri, 01 Sep 2017 13:34:09


Wish I'd checked for this first.

Disabled TLS1.0 and it seemed to work, until a week later people started reporting search was out of date. At first I didn't make the connection.

I was about to raise a call and thought, "hang on, let's put 1.0 back on" and bingo, it started working.

What a noob, I've been in IT for years - I should have checked...

Trevor Seward on Fri, 01 Sep 2017 14:55:38


This thread is fairly old, you can now disable TLS 1.0 and TLS 1.1. Follow this guide: https://technet.microsoft.com/en-us/library/mt773991.aspx