Azure Services to End Support for TLS 1.0 and TLS 1.1: What You Need to Know
Starting November 10, 2023, Azure announced that all connections to its services must use TLS 1.2 or newer versions for better security.
The older versions, TLS 1.0 and TLS 1.1, are being phased out because newer versions offer better security features.
What is TLS?
Transport Layer Security is a protocol that ensures data sent over the internet is encrypted and secure. It has different versions (1.0, 1.2, 1.2), with TLS 1.3 being the latest version.
About TLS 1.2
Released in August 2008, TLS 1.2 is an upgraded version of TLS 1.1, providing the key features below.
- It uses a combination of symmetric and asymmetric cryptography to provide improved security.
- MD5 and SHA-1 combination are replaced with SHA-256.
No doubt, TLS 1.2 offers enhanced security against cyberattacks over its predecessors. However, it is not the most advanced cryptography protocol available out there. So, which is the most secure version?
TLS 1.3, released by the Internet Engineering Task Force (IETF) on August 10, 2018, is the secure one that improves internet security and performance.
Risks of Using Outdated Security Protocols
- One of the most concerning risks of using outdated security protocols is cyberattacks, which continuously increase yearly.
- Some organizations might face legal consequences for using such versions.
Key Updates:
- Some Azure services will still support TLS 1.0 and TLS 1.1 until August 31, 2025, to give users more time to transition.
- After August 31, 2025, only TLS 1.2 or later versions will be accepted for all Azure services.
- Microsoft’s implementation of TLS 1.0 and 1.1 is not known to have security issues, but TLS 1.2 and later provide stronger security measures.
What All The Microsoft Azure Services Users Need to Do:
- Ensure all your applications and systems that connect to Azure use TLS 1.2 or newer versions. If not, update your systems and applications to TLS 1.2 or newer versions as soon as possible.
- No further action is needed for those already using TLS 1.2 or later versions.