
Based on current documentation, the Azure Storage REST API supports TLS 1.0, 1.1 and 1.2.

Question: Is this the same for Azure Government cloud? Some certifications don't allow TLS 1.0 anymore; is there a way to mitigate it, at least in Government Cloud?

Maxim Alexeyev

1 Answer


Yes, the same ability to set TLS 1.1 and above exists in Azure Government. If you find that it's not in practice, we'd consider it a bug and get it resolved immediately.

Bernie Ellis
  • I don't see the ability to set TLS 1.1 or higher for Azure Blob storage on the server side; how can I do it? – Maxim Alexeyev Apr 02 '19 at 16:17
  • All of our service nodes will support up to TLS 1.2 (and higher whenever the next version comes out). The client plays an important part in negotiating the TLS version during session establishment. If the connecting client specifies 1.2, the server will honor that. Does that help? – Bernie Ellis Apr 02 '19 at 16:37
  • No, this is not what I'm asking about. Let's compare it with App Services. There is an option for App Services to specifically disable TLS 1.0. Azure Blob storage doesn't support it. I was hoping that maybe the Government instance would not even allow going down to TLS 1.0, as it appears as a vulnerability when the system is scanned. – Maxim Alexeyev Apr 02 '19 at 17:31
  • I understand. The option to configure/turn off TLS 1.0 in App Services is done as a configuration of that particular App Service (think about .config files for a website). When clients connect to Azure storage accounts, they first connect to the backend service for authentication/authorization and location of the storage accounts you have access to. With that connection, you're right, we don't expose a way to define TLS version options there. I can confirm whether or not we have any plans to deprecate support for version 1.0 and get back to you. – Bernie Ellis Apr 02 '19 at 19:11
  • Thank you. Also, if you could check whether the government cloud specifically has a different timeline, as applications installed there may often require higher security, it would help. – Maxim Alexeyev Apr 02 '19 at 21:00
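
The thread leaves the TLS floor to the client side. The following Python code is an added example, not part of the original thread and not Microsoft's code: it pins a client to TLS 1.2 or higher and reports, per protocol version, which ones a storage endpoint you own still accepts. All function names are hypothetical, and the host is taken from the command line.

```python
import socket
import ssl
import sys

def min_tls12_context():
    """Client context that refuses anything below TLS 1.2 and verifies the certificate."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED plus hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def negotiated_version(host, port=443, ctx=None, timeout=5.0):
    """Return the protocol version the handshake settled on, or None if it failed."""
    ctx = ctx or min_tls12_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()              # for example "TLSv1.2"
    except OSError:                               # covers ssl.SSLError, refusals, timeouts
        return None

def pinned_context(version):
    """Context that offers exactly one protocol version, for auditing your own endpoint."""
    ctx = ssl.create_default_context()
    # Many OpenSSL builds block TLS 1.0/1.1 at the default security level. Lower it for
    # the audit context only, so a failure reflects the server and not the local library.
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx

def audit(host, port=443):
    """Map version name to True/False (handshake completed or not), or None when the
    local OpenSSL build cannot offer that version at all."""
    versions = (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1, ssl.TLSVersion.TLSv1_2)
    result = {}
    for v in versions:
        try:
            result[v.name] = negotiated_version(host, port, pinned_context(v)) is not None
        except ValueError:                        # version unsupported by this build
            result[v.name] = None
    return result

if __name__ == "__main__":
    host = sys.argv[1]                            # your own storage endpoint hostname
    print("client pinned to >= 1.2 negotiated:", negotiated_version(host))
    print("accepted per version:", audit(host))
```

A `False` from `audit` can also mean the endpoint was unreachable or its certificate failed verification, so confirm connectivity with `negotiated_version` first.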