Microsoft Azure: TLS 1.0 and 1.1 will be released on October 31

Microsoft is now ending support for the TLS 1.0 and TLS 1.1 protocols in the Azure cloud systems. On October 31, the company will pull the plug on these protocols, which are considered obsolete. This will have an impact on special applications, for example.

At the end of August, Microsoft once again drew attention to the end of support for the legacy TLS protocols, which are considered insecure. After 31.10.2024, connections for interactions with Azure services will require at least one TLS 1.2 or higher security level. Microsoft wants to increase security and ensure "first-class encryption of your data".

No concrete threat

However, this is not preceded by any specific attacks, as it is "not known that the Microsoft implementation of older TLS versions is at risk". However, TLS 1.2 and later versions offer better security in terms of protection against cracking recorded communication using "Perfect Forward Secrecy" and generally stronger cipher suites.

However, a more recent Microsoft article from the end of September states that Azure Front Door, for example, will continue to support TLS 1.0 and TLS 1.1 until the end of November 2024. This also applies to users of the Azure CDN service. It remains unclear why Microsoft is giving different dates here.

However, one thing is certain: anyone still using older apps, services or applications that communicate with services hosted on Azure instances in old TLS dialects that are classified as insecure should ensure that they update to the newer TLS versions as soon as possible. Otherwise, their communication will no longer work correctly from the beginning of November.

Just over a year ago, Microsoft announced that newer Windows 11 versions would come with TLS 1.0 and TLS 1.1 protocols disabled by default. However, the old protocol versions could be reactivated manually.

(dmk)