I am facing an issue with the upcoming end of support for TLS 1.0 in Azure App Services, as mentioned here. Additionally, the Azure documentation states that TLS 1.0 and 1.1 are considered legacy and not secure, recommending TLS 1.2 as the minimum version (reference).
Here is the specific text from the documentation:
“TLS 1.0 and 1.1 are considered legacy protocols and are no longer considered secure. It’s generally recommended for customers to use TLS 1.2 as the minimum TLS version, which is also the default. To ensure backward compatibility for TLS 1.0 and TLS 1.1, App Service will continue to support TLS 1.0 and 1.1 for incoming requests to your web app. However, since the default minimum TLS version is set to TLS 1.2, you need to update the minimum TLS version configurations on your web app to either TLS 1.0 or 1.1 so the requests won’t be rejected.”
My challenge is that I have a legacy device that connects to my Azure App Service, and this device only supports TLS 1.0. Given the upcoming end of support for TLS 1.0, I need clarification and advice on the following points:
- Does the end of support for TLS 1.0 mean that I will be unable to configure my Azure App Service to accept TLS 1.0 connections, or does it simply mean that TLS 1.0 will be unsupported but still configurable?
- If TLS 1.0 connections will no longer be allowed, what are the recommended solutions for handling legacy devices that do not support newer TLS protocols?
- Would hosting a proxy server that supports TLS 1.0 and forwards requests to my Azure App Service (which uses TLS 1.2) be a viable solution? If so, what are the best practices or recommended configurations for setting up such a proxy?
Any guidance or suggestions on how to handle this situation would be greatly appreciated. Thank you!