![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 34%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,909 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 22%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESE%3C/text%3E%3C/svg%3E)
Hi ,
Thanks for reaching out to Microsoft Q&A.
You cannot directly upgrade OpenSSL in an Azure Functions environment because it runs in a managed App Service sandbox, and you do not control the base image or env internals like OpenSSL.
You are using:
- App Service Plan: P0v3 (premium)
Node.js: 20 LTS
Azure Functions runtime: 4.x
Observed OpenSSL version: 1.1.1w
This OpenSSL version is inherited from the underlying OS used by Azure App Service for Linux, and as of now, Azure App Service images for Node.js 20 are still based on Debian with OpenSSL 1.1.1.
Your Options to check:
- Use a Custom Container
To control the OpenSSL version, the most effective approach is to deploy your Azure Function app as a custom container.
- Steps:
Use a Debian base image or a lighter distro (like debian:bullseye-slim or node:20-bullseye).
Install OpenSSL 3.0+ using apt, or build it from source if needed.
Install Node.js 20 (or base your image on a Node.js image with Debian + OpenSSL 3).
Package your Azure Function code in this container.
- Push the image to ACR or Docker Hub.
Deploy your Function App using this image.
Pros: Full control over OpenSSL version, reproducible builds, and you can bundle specific dependencies.
Cons: Slightly more DevOps overhead.
- Wait for Azure App Service to Adopt OpenSSL 3.0
Azure App Service is slowly moving to support newer OpenSSL versions as the OS base images are upgraded (typically from Debian 10/11 to Debian 12). However, this may take time and is not controllable by the user.
- Switch to Azure Container Apps or AKS
If you require finegrained control over runtime environments, either of these services allow you to fully define and control your container's runtime, including OpenSSL versions.
Recommendation:
If OpenSSL 3.x is mandatory (ex: for security compliance or TLS 1.3 features), use a custom container-based Azure Function deployment. That gives you full control today, without waiting on Azure’s managed updates.
Please feel free to click the 'Upvote' (Thumbs-up) button and 'Accept as Answer'. This helps the community by allowing others with similar queries to easily find the solution.