Azure and TLS 1.2 requirement

Martin Jørgensen 76 Reputation points
2024-10-27T14:52:54.58+00:00

Hi,

I have seen a lot of information about transitioning to TLS V1.2 before 31th of October 2024.

And also got the latest information about some Azure services will continue to work - perhaps until 31th of October 2025.

But when I look at this link (https://learn.microsoft.com/en-us/azure/app-service/overview-tls) it looks like "App Service" and "Azure Functions" are not affected.

What is the correct information?

When I look at Microsoft preferred cipher suite (https://techcommunity.microsoft.com/t5/security-compliance-and-identity/support-for-legacy-tls-protocols-and-cipher-suites-in-azure/ba-p/3952099), I see several missing ciphers, perhaps used by IoT devices, e.g.:

0X002F TLS_RSA_WITH_AES_128_CBC_SHA
0X0035 TLS_RSA_WITH_AES_256_CBC_SHA
0X000A TLS_RSA_WITH_3DES_EDE_CBC_SHA

Should I expect to have some kind of proxy in the future, in order to fulfill Azure requirements?

I am especially interested in the TLS requirement for:

  • WebApp
  • Functions
  • IotHub

Thanks

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,174 questions
Azure IoT Hub
Azure IoT Hub
An Azure service that enables bidirectional communication between internet of things (IoT) devices and applications.
1,213 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,995 questions
0 comments No comments
{count} votes

Accepted answer
  1. Pinaki Ghatak 5,230 Reputation points Microsoft Employee
    2024-10-28T10:37:39.9566667+00:00

    Hello @Martin Jørgensen

    Firstly, it is correct that Microsoft is transitioning to TLS V1.2 before October 31, 2024.

    However, some Azure services will continue to work until October 31, 2025. Regarding your question about App Service and Azure Functions, they are not affected by the transition to TLS V1.2.

    They will continue to work as usual. As for the preferred cipher suite, it is true that some ciphers are missing, such as TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, and TLS_RSA_WITH_3DES_EDE_CBC_SHA.

    However, this does not mean that you will need a proxy to fulfill Azure's requirements. Azure supports a wide range of cipher suites, and you can choose the ones that work best for your needs.

    Regarding your question about TLS requirements for WebApp, Functions, and IotHub, they all support TLS V1.2. You can find more information about their TLS requirements in the Azure documentation.

    I hope this information helps

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.