I see that we can enable the TLS version only during IoT Hub creation in the Azure portal. How do we change this version post-creation? We have already deployed in production and now we need to change it.

kudlatiger

1 Answer

Unfortunately, you can't. There is no option in the portal for this, and it can't be achieved through ARM either. Trying it with ARM will result in the following error:

MinTlsVersion cannot be set when IotHub is in Active state

The documentation confirms that this field is read-only and can't be changed.

Matthijs van der Veer
  • I also see that Microsoft has yet to support TLS 1.3 – kudlatiger Apr 29 '22 at 03:40
  • Correct, you could add a feature request for it [here](https://feedback.azure.com/d365community/forum/fcb810f7-f824-ec11-b6e6-000d3a4f0da0) – Matthijs van der Veer Apr 29 '22 at 08:03
  • Until Microsoft supports us, what should be our security controls to save from 1.2 vulnerabilities? – kudlatiger Jun 16 '22 at 09:49
  • That's probably a separate question. Maybe one best asked on [Microsoft Q&A](https://learn.microsoft.com/en-us/answers/topics/25494/azure-iot-hub.html?WT.mc_id=IoT-MVP-5004034), there's usually Microsoft people who can help you with that. – Matthijs van der Veer Jun 16 '22 at 12:13
  • Could you share the ARM JSON with which you tried to change the TLS version, which led to the above-mentioned error? – kudlatiger Sep 02 '22 at 06:49
  • I don't have it any more, but I probably used [Bicep](https://learn.microsoft.com/en-us/azure/templates/microsoft.devices/iothubs?pivots=deployment-language-bicep?WT.mc_id=IoT-MVP-5004034#iothubproperties) and changed the `minTlsVersion` and tried to deploy again. – Matthijs van der Veer Sep 02 '22 at 07:14
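
Since the answer above states that `minTlsVersion` cannot be set once the hub is active, the place to check it is before the first deployment. The following is an added example, not code from the original post or from Microsoft: a pre-deployment check that scans an ARM template for IoT Hub resources. The sample template, resource names and status labels are constructed for illustration.

```python
import json

IOT_HUB_TYPE = "microsoft.devices/iothubs"

# Constructed sample ARM template (not from the original post).
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.Devices/IotHubs", "name": "hub-pinned",
     "properties": {"minTlsVersion": "1.2"}},
    {"type": "Microsoft.Devices/IotHubs", "name": "hub-unset",
     "properties": {}},
    {"type": "Microsoft.Devices/IotHubs", "name": "hub-param",
     "properties": {"minTlsVersion": "[parameters('minTls')]"}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "store1",
     "properties": {"minimumTlsVersion": "TLS1_2"}}
  ]
}
""")

def audit_iot_hub_tls(template, required="1.2"):
    """Return (name, status) for each IoT Hub resource in an ARM template.

    status is "ok", "missing" (property absent, so the template pins no
    minimum), "unresolved" (template expression; check the parameter value
    separately), or "weak:<value>".
    """
    findings = []
    for res in template.get("resources", []):
        # ARM resource types are matched case-insensitively here.
        if res.get("type", "").lower() != IOT_HUB_TYPE:
            continue
        value = (res.get("properties") or {}).get("minTlsVersion")
        if value is None:
            status = "missing"
        elif isinstance(value, str) and value.startswith("[") and value.endswith("]"):
            status = "unresolved"
        elif str(value) == required:
            status = "ok"
        else:
            status = f"weak:{value}"
        findings.append((res.get("name", "<unnamed>"), status))
    return findings

def blocking(findings):
    """Names of hubs that should fail a pre-deployment gate."""
    return [name for name, status in findings if status != "ok"]

if __name__ == "__main__":
    for name, status in audit_iot_hub_tls(SAMPLE_TEMPLATE):
        print(f"{name}: {status}")
```
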