Enable TLS 1.3 for Outbound Traffic

Question

Enable TLS 1.3 for Outbound Traffic

Dinesh Gaikwad 5

Hi Team,

I am currently using Azure API Management (APIM) to expose APIs that call backend services hosted on Azure Web Apps. Recently, I updated my Web App configuration to require a minimum TLS version of 1.3 to enhance security compliance.

After this change, API calls routed through Azure API Management began to fail with internal server errors. Upon investigation, it appears that Azure API Management does not support TLS 1.3 for outbound (backend) connections, and defaults to TLS 1.2.

Could you please enable the TLS 1.3 Settings?

Dinesh Gaikwad 5 Reputation points

2025-05-06T18:25:05.0433333+00:00

My API Management Service Platform version is stv2. We understand that stv2 platform is a V2 Tier. Based on your response above it looks like that the outbound TLS 1.3 is not supported on stv2 platform. Please confirm if our understanding is correct.
Praveen Kumar Gudipudi 440 Reputation points Microsoft External Staff Moderator

2025-05-06T18:39:43.5933333+00:00

@Dinesh Gaikwad ,

Correct, currently outbound TLS 1.3 is not supported in V2. However, you can continue using TLS 1.2 for secure communication until this feature becomes available in a future update.

If you have any further questions, feel free to reach out us.
Praveen Kumar Gudipudi 440 Reputation points Microsoft External Staff Moderator

2025-05-08T16:26:02.52+00:00

@Dinesh Gaikwad ,

I hope you're doing great!

Do the provided steps address your query? If so, please let us know with an update.
Praveen Kumar Gudipudi 440 Reputation points Microsoft External Staff Moderator

2025-05-09T21:28:15.2333333+00:00

@Dinesh Gaikwad ,

We haven't heard back from you yet, and I wanted to ensure everything is on track and see if there's anything more, we can assist you with.
LeelaRajeshSayana-MSFT 17,681 Reputation points Moderator

2025-05-14T20:57:45.0566667+00:00

Hi @Dinesh Gaikwad we have reached out to you through private message to capture some additional information to enable this feature for you. Kindly share that information through private comments to assist you further on this issue.
Dinesh Gaikwad 5 Reputation points

2025-05-15T11:05:17.2133333+00:00

I enabled the TLS 1.3 by sending email to your support team. Please close the ticket.

1 answer

Your answer

Dinesh Gaikwad 5 Reputation points

2025-05-06T18:25:05.0433333+00:00

My API Management Service Platform version is stv2. We understand that stv2 platform is a V2 Tier. Based on your response above it looks like that the outbound TLS 1.3 is not supported on stv2 platform. Please confirm if our understanding is correct.
Praveen Kumar Gudipudi 440 Reputation points Microsoft External Staff Moderator

2025-05-06T18:39:43.5933333+00:00

@Dinesh Gaikwad ,

Correct, currently outbound TLS 1.3 is not supported in V2. However, you can continue using TLS 1.2 for secure communication until this feature becomes available in a future update.

If you have any further questions, feel free to reach out us.
Praveen Kumar Gudipudi 440 Reputation points Microsoft External Staff Moderator

2025-05-08T16:26:02.52+00:00

@Dinesh Gaikwad ,

I hope you're doing great!

Do the provided steps address your query? If so, please let us know with an update.
Praveen Kumar Gudipudi 440 Reputation points Microsoft External Staff Moderator

2025-05-09T21:28:15.2333333+00:00

@Dinesh Gaikwad ,

We haven't heard back from you yet, and I wanted to ensure everything is on track and see if there's anything more, we can assist you with.
LeelaRajeshSayana-MSFT 17,681 Reputation points Moderator

2025-05-14T20:57:45.0566667+00:00

Hi @Dinesh Gaikwad we have reached out to you through private message to capture some additional information to enable this feature for you. Kindly share that information through private comments to assist you further on this issue.
Dinesh Gaikwad 5 Reputation points

2025-05-15T11:05:17.2133333+00:00

I enabled the TLS 1.3 by sending email to your support team. Please close the ticket.

Answer 1

@Dinesh Gaikwad ,

Thank you for reaching out regarding the issue you're facing with Azure API Management (APIM) and TLS 1.3 support for outbound connections.

As of now, Azure API Management does not natively support TLS 1.3 for outbound connections by default. However, we understand your need for this feature to comply with security requirements. While TLS 1.3 support in APIM is being gradually rolled out, it is currently available for inbound traffic and requires manual configuration for outbound connections in certain tiers.

Here's a suggested approach:

For V1 Tiers: You can enable TLS 1.3 for outbound connections by manually configuring the "Protocols + ciphers" section in your APIM instance settings. Specifically, you will need to enable the TLS 1.3 cipher suites under the "Ciphers" tab. This could activate TLS 1.3 for your backend communications.

Update

For V2 Tiers: For V2 tiers, this cannot be enabled through the portal. The product team can enable this option for you from the backend.

Next Steps:

We will reach out through private comments to capture some information required to enable this option.

Share via

Enable TLS 1.3 for Outbound Traffic

1 answer

Your answer