Azure and TLS 1.2 requirement

Question

Hi,

I have seen a lot of information about transitioning to TLS V1.2 before 31th of October 2024.

And also got the latest information about some Azure services will continue to work - perhaps until 31th of October 2025.

But when I look at this link (https://learn.microsoft.com/en-us/azure/app-service/overview-tls) it looks like "App Service" and "Azure Functions" are not affected.

What is the correct information?

When I look at Microsoft preferred cipher suite (https://techcommunity.microsoft.com/t5/security-compliance-and-identity/support-for-legacy-tls-protocols-and-cipher-suites-in-azure/ba-p/3952099), I see several missing ciphers, perhaps used by IoT devices, e.g.:

0X002F TLS_RSA_WITH_AES_128_CBC_SHA
0X0035 TLS_RSA_WITH_AES_256_CBC_SHA
0X000A TLS_RSA_WITH_3DES_EDE_CBC_SHA

Should I expect to have some kind of proxy in the future, in order to fulfill Azure requirements?

I am especially interested in the TLS requirement for:

• WebApp
• Functions
• IotHub

Thanks

Answer 1

Hello @Martin Jørgensen

Firstly, it is correct that Microsoft is transitioning to TLS V1.2 before October 31, 2024.

However, some Azure services will continue to work until October 31, 2025. Regarding your question about App Service and Azure Functions, they are not affected by the transition to TLS V1.2.

They will continue to work as usual. As for the preferred cipher suite, it is true that some ciphers are missing, such as TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, and TLS_RSA_WITH_3DES_EDE_CBC_SHA.

However, this does not mean that you will need a proxy to fulfill Azure's requirements. Azure supports a wide range of cipher suites, and you can choose the ones that work best for your needs.

Regarding your question about TLS requirements for WebApp, Functions, and IotHub, they all support TLS V1.2. You can find more information about their TLS requirements in the Azure documentation.

I hope this information helps