search

OfficeDev / office-js

A repo and NPM package for Office.js, corresponding to a copy of what gets published to the official "evergreen" Office.js CDN, at https://appsforoffice.microsoft.com/lib/1/hosted/office.js.
https://learn.microsoft.com/javascript/api/overview
Other
670 stars 96 forks source link

Windows Excel add-ins cannot use TLS 1.3 #4753

Open jim22k opened 1 month ago

jim22k commented 1 month ago

The server hosting our add-in recently added a policy requiring minimum TLS 1.3. Our add-in continued to work fine on Mac and Online versions of Excel, but immediately stopped working on Windows (all versions -- current and beta). The message was "Addin failed to download a required resource."

We reverted the TLS 1.3 minimum policy, allowing TLS 1.2, and the add-in began working again.

Your Environment

Expected behavior

An add-in running on a server with minimum TLS 1.3 should load on Windows version of Excel.

Current behavior

With TLS required to be at 1.3+ on the server hosting the add-in, the add-in will fail to load on Windows version of Excel.

Our add-in uses a shared runtime, in case that makes a difference for which embedded browser is accessing the add-in website. It feels like it should be upgraded to support higher versions of TLS, especially given the requirement to use HTTPS for all add-ins.

emmasab commented 2 weeks ago

@jim22k You mentioned this works for Excel on the web. What browser and browser version are you using?

jim22k commented 2 weeks ago

Latest version of Chrome on Mac: Version 127.0.6533.119 (Official Build) (arm64)