TLS 1.2 Requirement - Can We Still Have HTTP?

Hi Toney,

Microsoft Azure will require all interactions with its services to be secured using Transport Layer Security (TLS) 1.2 or later starting from 31 October 2024. This change is to enhance security and provide best-in-class encryption for data. The move will end support for older TLS versions, namely TLS 1.0 and 1.1​​.

Regarding the use of HTTP, the requirement for TLS 1.2 or later pertains to encrypted communications. HTTP, being an unencrypted protocol, does not inherently use TLS. Therefore, if your services currently communicate over HTTP (port 80) without encryption, they would not be directly affected by the TLS 1.2 enforcement.

However, it's important to note that the general trend in web services and applications is towards enforcing secure communications, typically via HTTPS (HTTP over TLS/SSL). This shift is driven by the increasing need for data security and privacy. Therefore, while HTTP communications might still technically work, it is highly recommended to transition to HTTPS to ensure secure data transmission, especially when interacting with cloud services like Azure.

For the most secure and compliant interaction with Azure services after October 2024, you should consider upgrading all communications to use HTTPS with TLS 1.2 or later. This applies not only to Azure services but is generally a best practice for all web-based communications.

Kindly if you find the provided information helpful and it resolves your query, please consider accepting the answer. Your feedback is valuable and helps ensure the quality and relevance of the responses.