TLS 1.0 & 1.1 support for Azure is moving away in future

[tomkerkhove]

TLS 1.0 & 1.1 support for Azure is moving away in future so customers should start planning for supporting TLS 1.2 only.

Deadline: None defined yet Impacted Services: All More information:

• https://azure.microsoft.com/en-au/updates/azuretls12/
• https://azure.microsoft.com/en-us/updates/?query=TLS

Notice

Microsoft Azure recommends all customers complete migration towards solutions that support transport layer security (TLS) 1.2 and to make sure that TLS 1.2 is used by default.

All Azure services fully support TLS 1.2, and services where customers are using only TLS 1.2 have made a switch to accept only TLS 1.2 traffic. Services that currently accept TLS 1.0/1.1 traffic will continue supporting these protocol versions until further notice to ensure compatibility with existing applications. While Microsoft’s TLS 1.0 implementation has no known security vulnerabilities, it’s important to account for potential future protocol downgrade attacks and other TLS vulnerabilities. Microsoft continues to monitor the security landscape and will reevaluate its position when necessary.

We understand that the security of your data is important, and we're committed to transparency about changes that may affect your use of TLS with Azure services.

Impact

Services using TLS 1.0 & TLS 1.1 will stop working in the future

Required Action

Ensure that you're using TLS 1.2

More information

As previously stated, Microsoft is driving a long-term shift to refuse legacy protocol and cipher suite connections. Evaluate your workloads for TLS 1.2 readiness and develop a migration plan.

Azure has completed the engineering work to remove dependency on TLS 1.0/1.1 protocols and provide full support to customers that want to have their workloads configured to accept and initiate only TLS 1.2 connections.

All customers should configure their Azure-hosted workloads and on-premises applications interacting with Azure services to use TLS 1.2 by default. For additional information on TLS 1.2 migration please see Solving the TLS 1.0 Problem.

Note that Azure Guest OS images have had TLS 1.0/1.1 disabled since the Family 6 release in January 2019. Read this guide to troubleshooting issues related to TLS ciphers in Guest OS image.

Please review the existing announcements related to TLS support for Azure services and continue to watch for further updates.

Related deprecation notices

• Azure Active Directory Registration Service #64 #65
• Azure Automation #57
• Power BI #53
• Azure Backup #161
• Azure Container Registry #55
• Azure Cosmos DB #59
• Azure Data Factory & Self-Hosted Integration Runtime #48
• Azure File Sync #56
• Azure HDInsight #54
• Azure IoT Hub and Device Provisioning Service #30

[azure-deprecation-automation]

This issue is automatically managed and suggest to use GitHub Discussions to discuss this deprecation.