How will end of TLS 1.0/1.1 support affect Application Gateway to Backend Communication?

Tyler 25 Reputation points
2024-09-23T14:33:14.1833333+00:00

This question is related to the EOL of TLS 1.0 and 1.1 support per the following announcement https://learn.microsoft.com/en-us/lifecycle/announcements/tls-support-ending-10-31-2024

Basically we have a web server behind an Application Gateway running on a Windows VM. This web server is using a very old JBoss that unfortunately does not support a Java version beyond 1.7.0 (right before TLS 1.2 support was added). As such we have no way to actually update the web server to support TLS 1.2.

We have already updated the App Gateway listener to only accept TLS 1.2 and higher requests and this has not affected our application at all.

So my question is, will this end of TLS 1.0 and 1.1 support also stop the application gateway from being able to take TLS 1.2 requests and then talk to a backend webserver that is only capable of talking TLS 1.0? I.e., will our current configuration stop working?

Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.

Accepted answer
  1. ChaitanyaNaykodi-MSFT 27,481 Reputation points Microsoft Employee Moderator
    2024-09-26T22:13:09.46+00:00

    @Tyler

    Thank you for reaching out.

    I understand you wish to know how the end of TLS 1.0/1.1 support affects Application Gateway to backend communication.

    There was an announcement posted today regarding this here:

    https://azure.microsoft.com/en-us/updates/v2/Azure-Application-Gateway-support-for-TLS-10-and-TLS-11-will-end-by-31-August-2025

    Application Gateway will end the support for TLS 1.0 and 1.1 by 31 August 2025. We suggest you utilize this extended period to upgrade your client apps to allow seamless transition to TLS 1.2 or above. Please note, this TLS version deprecation will apply to both frontend and backend connections.

    For frontend connections, you can update the TLS policy for your Application Gateway resources after you've upgraded the clients to support the higher versions. https://learn.microsoft.com/azure/application-gateway/application-gateway-ssl-policy-overview

    For backend connections, we advise you to check if all backend servers can negotiate over TLS 1.2 or higher. For this, you need not make any changes to the Application Gateway resource, but please ensure the backend servers are ready by 31 August 2025, when these versions will be deprecated.

    Hope this helps! Please let me know if you have any questions. Thank you!

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

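The accepted answer advises checking that every backend server can negotiate TLS 1.2 or higher. The probe below is one way to run that check; it is an added example, not part of the original thread or any Microsoft tooling. The function names are hypothetical, and the backend host and port are assumptions supplied on the command line.

```python
import socket
import ssl
import sys

# One pinned handshake per protocol version.
VERSIONS = {
    "TLS 1.0": ssl.TLSVersion.TLSv1,
    "TLS 1.1": ssl.TLSVersion.TLSv1_1,
    "TLS 1.2": ssl.TLSVersion.TLSv1_2,
    "TLS 1.3": ssl.TLSVersion.TLSv1_3,
}

def probe(host, port, version, timeout=5.0):
    """True: handshake completed at exactly `version`. False: handshake failed.
    None: not testable (TCP connect failed, or local OpenSSL lacks the version)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # protocol support only; the certificate
    ctx.verify_mode = ssl.CERT_NONE   # is deliberately not validated here
    try:
        if version < ssl.TLSVersion.TLSv1_2:
            # Current OpenSSL builds refuse TLS 1.0/1.1 unless the security level is lowered.
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        ctx.minimum_version = ctx.maximum_version = version
        sock = socket.create_connection((host, port), timeout=timeout)
    except (ValueError, OSError):
        return None
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return True
    except OSError:  # ssl.SSLError, resets and timeouts during the handshake
        return False
    finally:
        sock.close()

def survey(host, port=443):
    return {name: probe(host, port, v) for name, v in VERSIONS.items()}

def ready_for_cutoff(results):
    """The answer's criterion: the backend negotiates TLS 1.2 or higher."""
    return bool(results.get("TLS 1.2") or results.get("TLS 1.3"))

if __name__ == "__main__":
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    results = survey(host, port)
    for name, ok in results.items():
        print(f"{name}: {'unknown' if ok is None else 'accepted' if ok else 'refused'}")
    print("ready for TLS 1.0/1.1 retirement:", ready_for_cutoff(results))
```

Run it from a host that reaches the backend over the same network path the gateway uses. A result of `unknown` means the version could not be tested, not that the backend refused it.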
