How will end of TLS 1.0/1.1 support affect Application Gateway to Backend Communication?

Tyler 20 Reputation points
2024-09-23T14:33:14.1833333+00:00

This question is related to the EOL of TLS 1.0 and 1.1 support per the following announcement https://learn.microsoft.com/en-us/lifecycle/announcements/tls-support-ending-10-31-2024

Basically we have a web server behind an Application Gateway running on a Windows VM. This web server is using a very old JBoss that unfortunately does not support a Java version beyond 1.7.0 (right before TLS 1.2 support was added). As such, we have no way to actually update the web server to support TLS 1.2.

We have already updated the App Gateway listener to only accept TLS 1.2 and higher requests and this has not affected our application at all.

So my question is, will this end of TLS 1.0 and 1.1 support also stop the application gateway from being able to take TLS 1.2 requests and then talk to a backend webserver that is only capable of talking TLS 1.0? i.e. will our current configuration stop working?

Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.

Accepted answer
  1. ChaitanyaNaykodi-MSFT 26,101 Reputation points Microsoft Employee
    2024-09-26T22:13:09.46+00:00

    @Tyler

    Thank you for reaching out.

    I understand you wish to know how the end of TLS 1.0/1.1 support affects Application Gateway to Backend Communication.

    There was an announcement posted today regarding this here:

    https://azure.microsoft.com/en-us/updates/v2/Azure-Application-Gateway-support-for-TLS-10-and-TLS-11-will-end-by-31-August-2025

    • To align with Azure's ongoing security enhancements, all connections to Application Gateway must use Transport Layer Security (TLS) 1.2 or later, as support for TLS 1.0 and 1.1 on Azure Application Gateway will be discontinued starting 31 August 2025.
    • Backend connection - After 31 August 2025, the connections to backend servers will always be on minimum TLS 1.2 and up to TLS 1.3. You need not configure anything on your Application Gateway for the backend connection's TLS version. However, you must ensure that your servers in the backend pools are compatible with these updated protocol versions. This will avoid any disruptions when establishing a TLS/HTTPS connection with those backend servers.

    Hope this helps! Please let me know if you have any questions. Thank you!

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

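A check for the backend requirement described in the answer above, as an added example that is not part of the original thread or of Microsoft's tooling: it attempts one handshake pinned to TLS 1.2 and one pinned to TLS 1.3 against a backend server and reports which succeed. The function names and the host and port arguments are assumptions; certificate validation is skipped because only protocol support is being tested.

```python
import socket
import ssl
import sys

# Versions Application Gateway uses toward backends after the cutoff (per the answer).
REQUIRED = {"TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}


def handshake_ok(host, port, version, timeout=5.0):
    """Return True if the server completes a handshake pinned to one TLS version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only protocol negotiation is tested: certificate trust is out of scope
    # for this probe and no application data is sent over the connection.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() is not None
    except OSError:
        # ssl.SSLError, timeouts, resets and refusals are all OSError subclasses.
        return False


def probe_backend(host, port=443, timeout=5.0):
    """Map each required version name to whether the backend negotiated it."""
    return {name: handshake_ok(host, port, v, timeout) for name, v in REQUIRED.items()}


def meets_gateway_requirement(results):
    """The gateway needs the backend to accept at least one of TLS 1.2 / 1.3."""
    return any(results.values())


if __name__ == "__main__":
    if len(sys.argv) >= 2:
        host = sys.argv[1]  # assumed: a backend pool member reachable from here
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
        results = probe_backend(host, port)
        for name, ok in results.items():
            print(f"{host}:{port} {name}: {'accepted' if ok else 'refused'}")
        sys.exit(0 if meets_gateway_requirement(results) else 1)
    print("usage: probe_backend.py BACKEND_HOST [PORT]")
```

Run it from a machine that can reach the backend's HTTPS port directly; an exit status of 1 means the server refused both versions.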
