Security News > 2022 > March > Microsoft Azure DevOps revives TLS 1.0/1.1 with rollback

Last November, Rajesh Ramamurthy, director of product management for Azure DevOps, announced plans to phase out support for TLS 1.0/1.1 because of the risk of protocol downgrade attacks and other TLS vulnerabilities outside Microsoft's control.

TLS downgrade attacks aim to turn strong, more recent versions of TLS into weaker, earlier versions of the protocol to facilitate further exploitation.

Azure DevOps services stopped accepting TLS 1.0/1.1 connections, and at a minimum required TLS 1.2, as of January 31, 2022.

"We anticipate minimal impacts to our customers as more than 99.5 per cent of connections made to Azure DevOps Services already use TLS 1.2," said Graham in a blog post.

"Clients have TLS 1.2-compatibility issues because of obsolete OS versions or if available updates are not applied or legacy.NET Framework installation or OS configuration prohibiting certain TLS cipher suites."

Microsoft's next attempt to shut down TLS 1.0/1.1 for Azure DevOps is scheduled for March 31, 2022.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/15/microsoft_azure_tls/