微软今天宣布,出于安全原因Office 365将不再对SSL3.0提供支持,执行日期将在2014年12月1日。具体问题为近期发现SSL3.0中存在漏洞。
微软声明如下:
“我们希望用户可以阅读编号为3009008的安全报告,报告中给出了关于Secure Sockets Layer (SSL) 3.0漏洞的详细信息。这个业界范围内的漏洞影响广泛,会导致用户信息资料被泄露。为保护用户利益,我们决定将在几个月内关闭对SSL3.0的支持”
从2014年12月1日开始,Office 365将会停止对SSL3.0的支持,也就是所有客户端与浏览器的组合都需要使用TLS1.0或更高版本来确保对Office 365服务器的连接。
原文:
Microsoft today announced that they are disabling support for SSL 3.0 from December to protect customers from the recently reported vulnerability in SSL 3.0.
We wanted to share details around Security Advisory 3009008. This advisory provides guidance related to a vulnerability in Secure Sockets Layer (SSL) 3.0 which could allow information disclosure. This is an industry-wide vulnerability that affects the protocol itself and is not specific to Microsoft’s implementation. To help protect our customers further, we will be disabling fallback to SSL 3.0 in IE, disabling SSL 3.0 by default in IE, and across Microsoft online services, over the coming months.
Starting on December 1, 2014, Office 365 will disabe support for SSL 3.0. This means that from December 1, 2014, all client/browser combinations will need to utilize TLS 1.0 or higher to connect to Office 365 services without issues.