Wednesday, 20 October 2021

Studentnet Advisory TLS 1.2 upgrade & Windows 11 support for TL 1.3

 Hello IT Admins,

We have 2 TLS related advisories for Microsoft Windows listed below.

1. Windows Network TLS 1.2 Upgrades affecting on-prem provisioning

As part of good security practice, many IT admins are upgrading their Windows networks to support TLS 1.2 and deprecating the use of TLS 1.0 and 1.1. This upgrade can affect the processing of Studentnet's Cloudwork Identity Node(CwIN) located on your school premises.

Studentnet started observing CwIN operating issues yesterday(20/10/21) morning. The symptoms are that Cloudwork's on premises provisioning of accounts from your management system to your AD appears to fail to complete.

Studentnet is issuing this advisory to inform you of the issue. There are a variety of solutions depending upon the upgrade status of your various Windows components.

We'd like to discuss the options with you prior to implementing the most appropriate solution for your school. If you experience any difficulty with completion of your account provisioning we request you to please log a ticket on our help portal(here: support.studentnet.net) or by sending an email to help@studentnet.net.

More information on the impact of upgrading to TLS 1.2 on a Windows network is available here:  

2. Windows 11 clients unable to login to Office

Microsoft are enforcing a very hard implementation of TLS 1.3 in Windows 11. At the moment our Cloudwork infra-structure needs an upgrade to support TLS 1.3 but that upgrade will be very disruptive as it involves an entire re-start of our technology stack - something one does not do lightly especially at one of the busiest times of the year for schools.

We have a temporary fix for the problem...

For the moment users on Windows 11 will need to disable TLS 1.3.

This option is under Internet Options -> Advanced

It seems that windows 11's implementation of TLS 1.3 prevents Windows 11 from correctly talking to Cloudwork, however forcing it to use TLS 1.2 works.

We're working on a solution to this issue, however it will represent a fairly large infrastructure update to Cloudwork, and is unlikely to be completed before the Christmas break.


Once we have upgraded our infrastructure to support TLS 1.3 we will send out an advisory at which point those users that have implemented the above fix will need to undo it.

Regards,

The Studentnet Team
PS: Remember to join our LinkedIn Group

No comments:

Post a Comment