Retirement: Azure Application Gateway support for TLS 1.0 and TLS 1.1 will end by 31 August 2025
To align with Azure's ongoing security enhancements, all connections to Application Gateway must use Transport Layer Security (TLS) 1.2 or later, as support for TLS 1.0 and 1.1 on Azure Application Gateway will be discontinued starting 31 August 2025. TLS 1.2 and later versions offer improved security, with features such as perfect forward secrecy and stronger cipher suites.
Recommended action
Frontend connection - We recommend that you update the TLS policy for your Application Gateway to the Predefined policy AppGwSslPolicy20220101S or AppGwSslPolicy20220101, or to a Custom policy with a minimum version of 1.2 (the CustomV2 policy comes with a minimum version of 1.2 by default). If your gateways are already configured with one of these secure policies, you need not take any action on the gateway. However, you must still ensure that older clients are updated to communicate over at least TLS 1.2.
Backend connection - After 31 August 2025, connections to backend servers will always use a minimum of TLS 1.2 and up to TLS 1.3. You need not configure anything on your Application Gateway for the backend connection's TLS version. However, you must ensure that the servers in your backend pools are compatible with these updated protocol versions. This will avoid any disruptions when establishing a TLS/HTTPS connection with those backend servers.
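The frontend recommendation above can be applied as an audit across many gateways. The following is an added example, not code from Azure or from this notice: it classifies each gateway's TLS policy against the rules stated above. It assumes the gateway JSON has the shape returned by `az network application-gateway list`, with the fields `sslPolicy.policyType`, `sslPolicy.policyName` and `sslPolicy.minProtocolVersion`; the sample input is constructed.

```python
import json

# Predefined policies the notice names as meeting the TLS 1.2 minimum.
COMPLIANT_PREDEFINED = {"AppGwSslPolicy20220101S", "AppGwSslPolicy20220101"}
# Assumed encoding of minimum versions in the gateway JSON, lowest to highest.
VERSION_ORDER = ["TLSv1_0", "TLSv1_1", "TLSv1_2", "TLSv1_3"]


def classify_policy(ssl_policy):
    """Return (status, reason) for one sslPolicy object; status is ok, update or review."""
    if not ssl_policy:
        # No explicit policy: the effective default is not visible in this JSON.
        return "review", "no explicit sslPolicy; confirm the effective default"
    ptype = ssl_policy.get("policyType")
    if ptype == "Predefined":
        name = ssl_policy.get("policyName")
        if name in COMPLIANT_PREDEFINED:
            return "ok", f"predefined policy {name}"
        return "update", f"predefined policy {name} is not one of the recommended policies"
    if ptype in ("Custom", "CustomV2"):
        minimum = ssl_policy.get("minProtocolVersion")
        if minimum is None and ptype == "CustomV2":
            return "ok", "CustomV2 defaults to minimum TLS 1.2"
        if minimum in VERSION_ORDER:
            if VERSION_ORDER.index(minimum) >= VERSION_ORDER.index("TLSv1_2"):
                return "ok", f"{ptype} policy with minimum {minimum}"
            return "update", f"{ptype} policy allows {minimum}"
        return "review", f"{ptype} policy with unrecognised minimum {minimum!r}"
    return "review", f"unrecognised policyType {ptype!r}"


def audit_gateways(gateways):
    """Map gateway name -> (status, reason) for a list of gateway objects."""
    return {gw["name"]: classify_policy(gw.get("sslPolicy")) for gw in gateways}


# Constructed sample input, shaped like `az network application-gateway list` output.
SAMPLE = json.loads("""[
  {"name": "gw-a", "sslPolicy": {"policyType": "Predefined", "policyName": "AppGwSslPolicy20220101S"}},
  {"name": "gw-b", "sslPolicy": {"policyType": "Custom", "minProtocolVersion": "TLSv1_0"}},
  {"name": "gw-c", "sslPolicy": {"policyType": "CustomV2"}},
  {"name": "gw-d", "sslPolicy": null}
]""")

if __name__ == "__main__":
    for name, (status, reason) in audit_gateways(SAMPLE).items():
        print(f"{name}: {status} ({reason})")
```

Gateways reported as `review` have no explicit policy or an unrecognised one, so their effective minimum version has to be confirmed separately.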