Share via

TLS 1.0 requests for Web API

James 20 Reputation points
2024-04-10T10:56:17.8233333+00:00

with reference to TLS 1.0 support below. I need clarity on whether a Web API will stop allowing requests from clients that only support TLS 1.0. in October 2024. I understand that storage etc will only allow 1.2 from that point on, that is clear.

https://azure.microsoft.com/en-us/updates/azure-support-tls-will-end-by-31-october-2024-2/

This question has been asked before but the responses are just people explaining why you need to update to 1.2. I understand this and have done this where possible.

However, I have a large number of legacy hardware devices that cannot be changed that only support TLS 1.0. These talk to a Web API hosted in Azure. Please do not suggest changing the devices as it cannot be done, they are IOT devices installed all over the world in remote places. If it could I would do it.

I'll assume that TLS 1.0 will be turned off for web services so can you suggest options. I guess one is to allow http requests (I'd rather not but may have to). Will http requests be disabled soon also? Another option is to use another provider to take the incoming requests and then forward them on to my azure service which is a pain.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
0 comments
Answer accepted by question author
  1. TP 145.2K Reputation points Volunteer Moderator
    2024-04-10T13:37:27.15+00:00

    Hi,

    I believe that App Service will continue to support TLS 1.0, based on documentation as well as my experience over the years in regards to how they typically handle this type of scenario. By "scenario" I mean the frontend where TLS terminates is a transparent element of the platform upon which you run your apps. It isn't a service that you write code to interact with like Azure storage, key vault, etc.

    The App Service team hasn't made any announcements (other teams have) related to TLS 1.0/1.1 being blocked which is another clear sign. They have telemetry to see how much TLS 1.0/1.1 is being used on the frontends and wouldn't suddenly block that without giving clear communication to affected customers that their apps were about to stop functioning.

    Let's say they block TLS 1.0 at some point for App Service. What you can do is run your web api app on VM(s) instead, which will work fine. Currently the major operating systems allow you to enable TLS 1.0 if you need to for legacy applications.

    Please click Accept Answer and upvote if the above was helpful.

    Thanks.

    -TP

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.