none
TLS 1.0 App Service support RRS feed

  • Question

  • I set the min TLS to 1.1 (SSL Configuration) for a web app, then tested.

    It seems to still be supporting 1.0! Is this a known issue?

    I used https://www.ssllabs.com to test the site and it reports TLS 1.0 support for custom domain and the http://azurewebsites.net  for the web app, should be easy for you to test



    Saturday, June 2, 2018 3:27 AM

All replies

  • We have an issue with SNI-SSL that was documented here:
    https://blogs.msdn.microsoft.com/appserviceteam/2018/05/02/breaking-change-for-sni-ssl-hostnames-on-azure-app-service/

    This is causing SSL Labs and similar reports to show that TLS 1.0 is still accepted. 

    We are currently in the middle of a general release which also includes a fix for this issue. We expect the completion of the deployment in all regions to finish next week.


    Oded Dvoskin

    Saturday, June 2, 2018 5:04 AM
    Moderator
  • Hi Oded,

    Has this now be depolyed in all regions and the issue resolved?

    Thanks

    Friday, June 8, 2018 12:05 AM
  • Hi @Costa11

    We are currently at the final stages of deployment to all our public regions. You might already see this as resolved in your region. Simply check your site in SSL Labs to validate and if TLS 1.0 is shown as a 'no", that means we're done in your region. If you're in App Service Environments or our national clouds, that will follow in the next week or so.


    Oded Dvoskin

    Friday, June 8, 2018 4:50 AM
    Moderator
  • Brilliant, thanks I've just checked again and all is good. 
    Friday, June 8, 2018 8:33 PM
  • We have just completed the deployment for the TLS bug involving SNI-SSL.

    See details here: https://blogs.msdn.microsoft.com/appserviceteam/2018/06/13/tls-configuration-now-fixed-to-block-1-0/



    Oded Dvoskin

    Wednesday, June 13, 2018 4:01 PM
    Moderator