Duo will no longer support TLS v1.0 or 1.1

After 30 June 2023

DUO will no longer support:

DUO will still support:

• TLS 1.0
• TLS 1.1

• TLS 1.2 or above

• TLS_RSA_WITH_3DES_EDE_CBC_SHA
• TLS_RSA_WITH_AES_256_CBC_SHA
• TLS_RSA_WITH_AES_256_CBC_SHA256
• TLS_RSA_WITH_AES_128_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA256
• TLS_RSA_WITH_AES_128_GCM_SHA256
• TLS_RSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

• TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
• TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
• TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

• Supported Windows operating system (OS) versions will support TLS 1.2 by default. If you are running a supported Windows OS, no action is required.
• Note that if your operating system was manually changed to disable TLS 1.2 for some reason, connection requests will fail. Please verify your system is properly configured for TLS 1.2 with the suggested steps.

• Supported Duo Mobile applications running on supported OS versions will support TLS 1.2+ by default. If you are running a supported Duo Mobile application on a supported OS, no action is required.
• Supported Android OS versions: Android 10.0 and greater
• Supported iOS versions: iOS 14.0 and greater

* Using a mobile device with unsupported versions can still receive DUO push or generate one-time passcode as before; but would be unable to log in DUO-enabled IT services e.g. Microsoft Office 365, CUHK VPN, or CUPIS, etc.

• Common web browsers like Google Chrome, Microsoft Edge, Mozilla Firefox, Opera, etc. with their latest version are supporting TLS 1.2.
• If your browser was manually changed to disable TLS 1.2 for some reason, connection requests will fail. Please verify your browser is properly configured for TLS 1.2 with the suggested steps.  For other browsers, please also make sure they are TLS 1.2 supported.

• Supported Duo Windows integrations running on supported operating system (OS) versions will support TLS 1.2 by default. If you are running a supported Windows integration on a supported OS, no action is required.
• Note that if your operating system was manually changed to disable TLS 1.2 for some reason, connection requests will fail. Please verify your system is properly configured for TLS 1.2.

• Windows Logon version 3.0.0.85 and newer supports TLS 1.2 on all Windows operating systems that support TLS 1.2.
• Should also meet Supported and Required versions.

• Supported Duo Mobile applications running on supported OS versions will support TLS 1.2+ by default. If you are running a supported Duo Mobile application on a supported OS, no action is required.
• Supported Android versions: Android 10.0 and greater
• Supported iOS versions: iOS 14.0 and greater

• Linux authentication requires Duo Unix (pam_duo or login_duo) 1.10.4 or later and OpenSSL 1.0.1 or later to support TLS 1.2.

• Common web browsers like Google Chrome, Microsoft Edge, Mozilla Firefox, Opera, etc. with their latest version are supporting TLS 1.2.
• If your browser was manually changed to disable TLS 1.2 for some reason, connection requests will fail. Please verify your browser is properly configured for TLS 1.2 with the suggested steps.  For other browsers, please also make sure they are TLS 1.2 supported.