With the announcement of the enforcement of TLS 1.2 in October, does this affect NSGs?

Christian Redgewell 86 Reputation points
2024-02-15T04:44:55.13+00:00

If we are running websites for clients that require TLS 1.1 post October 31st, will the enforcement of TLS 1.2 break this? We have received this email: "If you have resources that interact with Azure services and still use TLS 1.1 or earlier, transition them to TLS 1.2 or later by 31 October 2024." Now this sounds straightforward and we have to disable TLS 1.1, but it isn't clear in the email or articles if this means that on November 1st NSGs and virtual networks will just stop passing TLS 1.1 traffic to an IIS site, for example.


Accepted answer
  1. GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator
    2024-02-15T12:37:39.88+00:00

    Hello @Christian Redgewell , Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you would like to know if the enforcement of TLS 1.2 post October 31st 2024 will break the websites running with TLS 1.1.

    As mentioned in the below doc,

    To enhance security and provide best-in-class encryption for your data, we'll require interactions with Azure services to be secured using Transport Layer Security (TLS) 1.2 or later beginning 31 October 2024, when support for TLS 1.0 and 1.1 will end.

    Refer: https://azure.microsoft.com/en-us/updates/azure-support-tls-will-end-by-31-october-2024-2/

    Additionally, Azure Resource Manager will stop supporting protocols older than TLS 1.2 on September 30, 2024. Azure Resource Manager will no longer support TLS 1.1 or earlier. To continue using Azure Resource Manager, make sure all of your clients that call Azure use TLS 1.2 or later.

    Refer: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tls-support#prepare-for-migration-to-tls-12

    We recommend the following steps as you prepare to migrate your clients to TLS 1.2:

    • Update your operating system to the latest version.
    • Update your development libraries and frameworks to their latest versions. For example, Python 3.8 supports TLS 1.2.
    • Fix hardcoded instances of security protocols older than TLS 1.2.
    • Notify your customers and partners of your product or service's migration to TLS 1.2.

    For products using the Windows OS-provided cryptography libraries and security protocols, you should follow the steps outlined in the below doc which will help you identify any hardcoded TLS 1.0 usage in your applications and then enable TLS 1.2 as the minimum TLS version:

    https://learn.microsoft.com/en-us/security/engineering/solving-tls1-problem

    Additional Info:

    https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2

    To understand more regarding the support for legacy TLS protocols and cipher suites in Azure offerings, you can refer to the below Microsoft blog:

    https://techcommunity.microsoft.com/t5/security-compliance-and-identity/support-for-legacy-tls-protocols-and-cipher-suites-in-azure/ba-p/3952099

    Microsoft announced a powerful new feature in Windows to make your transition to a TLS 1.2+ world easier. We call this feature "Disable Legacy TLS", and it effectively enforces a TLS version and cipher suite floor on any certificate you select.

    The "Disable Legacy TLS" feature can be deployed through the Internet Information Services (IIS) Server UI, via PowerShell commands or C++ HTTP.sys APIs.

    Refer: https://learn.microsoft.com/en-us/security/engineering/disable-legacy-tls

    Additional Microsoft blogs that might be helpful here:

    https://techcommunity.microsoft.com/t5/microsoft-entra-blog/act-fast-to-secure-your-infrastructure-by-moving-to-tls-1-2/ba-p/2967457

    https://techcommunity.microsoft.com/t5/windows-it-pro-blog/tls-1-0-and-tls-1-1-soon-to-be-disabled-in-windows/ba-p/3887947

    However, while we are taking steps to deprecate TLS 1.0 and TLS 1.1, our customers may need to support the older protocols and cipher suites until they can plan for their deprecation. And while we don't recommend re-enabling these legacy values, we are providing guidance to help customers. We encourage customers to evaluate the risk of regression before implementing the changes outlined in this article.

    Refer: https://learn.microsoft.com/en-us/azure/cloud-services/applications-dont-support-tls-1-2

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
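
As an added example (not part of the answer above and not Microsoft tooling), here is one way to approach the "Fix hardcoded instances of security protocols older than TLS 1.2" step: a small Python scanner that flags source lines pinning a pre-TLS 1.2 protocol. The pattern list, the file suffixes and the constructed sample lines are assumptions covering common .NET, PowerShell, Python and Java spellings, and are not exhaustive.

```python
import re
from pathlib import Path

# Assumed, non-exhaustive spellings of hardcoded pre-TLS 1.2 protocol choices.
# Each pattern is anchored so TLS 1.2/1.3 names (Tls12, TLSv1_2, "TLSv1.2") do not match.
LEGACY_PATTERNS = {
    ".NET/PowerShell SecurityProtocolType":
        re.compile(r"\bSecurityProtocolType\]?(?:\.|::)(?:Ssl3|Tls|Tls11)\b"),
    ".NET SslProtocols":
        re.compile(r"\bSslProtocols\.(?:Ssl2|Ssl3|Tls|Tls11)\b"),
    "Python ssl PROTOCOL_* constant":
        re.compile(r"\bPROTOCOL_(?:SSLv2|SSLv3|TLSv1|TLSv1_1)\b"),
    "Python ssl.TLSVersion":
        re.compile(r"\bTLSVersion\.(?:SSLv3|TLSv1|TLSv1_1)\b"),
    "Java SSLContext.getInstance":
        re.compile(r'getInstance\(\s*"(?:SSLv3|TLSv1|TLSv1\.1)"'),
}

def scan_text(text, origin="<memory>"):
    """Return (origin, line_no, rule, matched_text) for each legacy reference."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in LEGACY_PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append((origin, line_no, rule, match.group(0)))
    return findings

def scan_tree(root, suffixes=(".cs", ".vb", ".ps1", ".py", ".java")):
    """Scan every source file under root whose suffix is in suffixes."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            findings += scan_text(path.read_text(errors="replace"), str(path))
    return findings

# Constructed sample input: lines 1, 3, 5, 6 and 7 pin a legacy protocol.
SAMPLE = """\
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
ctx.minimum_version = ssl.TLSVersion.TLSv1_2
SSLContext c = SSLContext.getInstance("TLSv1.1");
var p = SslProtocols.Tls | SslProtocols.Tls12;
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls
"""

if __name__ == "__main__":
    for origin, line_no, rule, text in scan_text(SAMPLE, "sample"):
        print(f"{origin}:{line_no}: {rule}: {text}")
```

A text match only shows where a protocol is named in code; each hit still needs review, since the same setting can also come from configuration files or OS-level defaults that this scanner does not read.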
