How to enable TLS 1.2 on Azure web application?

Chang Yan 0 Reputation points
2023-07-17T15:40:37.7833333+00:00

I am a newbie to Azure and wanted to try the Key Vault function last week, but after I created a key vault, it shows [User's image]

I am using MacBook Azure web server, and I don't know how to solve this problem and move to the next step. I tried to search for App Service and there is no navigation bar on the left.

Thank you very much!

Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.

2 answers

  1. Andriy Bilous 11,626 Reputation points MVP
    2023-07-18T05:53:17.7466667+00:00

    Hello @Chang Yan

    iOS, iPadOS, and macOS support Transport Layer Security (TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3) and Datagram Transport Layer Security (DTLS). https://support.apple.com/guide/security/tls-security-sec100a75d12/web
    You do not need to do anything if you are just trying to access Azure using the web portal.

    If your applications communicate with or authenticate against Azure Active Directory, then those applications might not work as expected if they can't use TLS 1.2 to communicate. This situation includes:

    • Azure AD Connect
    • Azure AD PowerShell
    • Azure AD Application Proxy connectors
    • PTA agents
    • Legacy browsers
    • Applications that are integrated with Azure AD

    https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/enable-support-tls-environment?tabs=azure-monitor

    https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client


  2. JamesTran-MSFT 36,796 Reputation points Microsoft Employee
    2023-07-19T21:57:41.7433333+00:00

    @Chang Yan

    Thank you for your post and I apologize for the delayed response!

    Error Message:

    Upcoming TLS 1.0, 1.1 deprecation: Please enable support for TLS 1.2 on clients (applications/platforms) to avoid any service impact. Learn more here.

    I understand that you're trying to leverage the Azure Key Vault but after creating the resource, you're running into the error message above. To hopefully help point you in the right direction or resolve your issue, I'll share my findings below.


    Findings:

    As shared by Andriy when it comes to the TLS 1.0 and 1.1 deprecation, you should be able to follow the How to enable TLS 1.2 on clients documentation in order to mitigate/avoid any service impacts to your Web Server.

    Additional Link:


    I also noticed within your follow-up comment that you ran into the below Key Vault error message when trying to create a Secret. To resolve this, I'll share the steps on how to troubleshoot this below.

    Error Message:

    The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes for role assignments to become effective.

    From your error message, this indicates that your user doesn't have the necessary permissions to create a Secret in the Key Vault. Because you're using the Key Vault RBAC permission model, you'll need to assign your user one of the Azure RBAC built-in roles for Key Vault data plane operations. For example:

    Assign a Resource group scope role assignment:

    1. Go to the Resource Group that contains your key vault.
    2. Select Access control (IAM).
    3. Select Add > Add role assignment to open the Add role assignment page.
    4. Assign the appropriate role.



    Additional Links:

    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
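
The "not allowed by RBAC" error and the resource-group-scope assignment discussed in the second answer can be reproduced offline with the added example below, which is not part of either answer and not Microsoft's code. It reads role assignments in the shape of `az role assignment list --all -o json` and reports whether a principal may create a secret in an RBAC-model vault. The role names are Azure built-in roles; the principals, subscription ID, resource group and vault name are constructed, and group membership, custom roles and deny assignments are not evaluated.

```python
import json

# Azure built-in roles whose data actions include writing secrets.
SECRET_WRITE_ROLES = {"Key Vault Administrator", "Key Vault Secrets Officer"}

# Constructed sample in the shape of `az role assignment list --all -o json`.
SAMPLE_ASSIGNMENTS = json.loads("""
[
  {"principalName": "user@example.com", "roleDefinitionName": "Owner",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
  {"principalName": "user@example.com", "roleDefinitionName": "Key Vault Secrets User",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/demo-rg/providers/Microsoft.KeyVault/vaults/demo-kv"},
  {"principalName": "ops@example.com", "roleDefinitionName": "Key Vault Secrets Officer",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Demo-RG"}
]
""")

# Constructed vault resource ID (placeholder subscription, group and vault).
VAULT_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/demo-rg"
            "/providers/Microsoft.KeyVault/vaults/demo-kv")


def scope_covers(scope, resource_id):
    """True if an assignment at `scope` is inherited by `resource_id`."""
    # Azure resource IDs compare case-insensitively; "/" is the root scope.
    scope, resource_id = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    return scope == "" or resource_id == scope or resource_id.startswith(scope + "/")


def explain_secret_write(assignments, principal, vault_id):
    """Return (allowed, reasons) for creating a secret in an RBAC-model vault."""
    allowed, reasons = False, []
    for a in assignments:
        if a["principalName"].lower() != principal.lower():
            continue
        role, scope = a["roleDefinitionName"], a["scope"]
        if not scope_covers(scope, vault_id):
            reasons.append(f"{role}: scope {scope} does not cover the vault")
        elif role in SECRET_WRITE_ROLES:
            allowed = True
            reasons.append(f"{role}: grants secret write, inherited from {scope}")
        else:
            # Owner/Contributor are management-plane roles with no secret data actions.
            reasons.append(f"{role}: no secret-write data action")
    return allowed, reasons


if __name__ == "__main__":
    for who in ("user@example.com", "ops@example.com"):
        ok, why = explain_secret_write(SAMPLE_ASSIGNMENTS, who, VAULT_ID)
        print(who, "ALLOWED" if ok else "DENIED", *why, sep="\n  ")
```

In the sample, a subscription Owner who also holds Key Vault Secrets User is still denied, while a Key Vault Secrets Officer assignment at resource group scope is inherited by the vault.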

