add tls 1.3 support

Author: PatrickFarley

articles/ai-services/security-features.md

@@ -21,7 +21,7 @@ For a comprehensive list of Azure service security recommendations, see the [Azu
 
 |Feature | Description |
 |:---|:---|
-| [Transport Layer Security (TLS)](/dotnet/framework/network-programming/tls) | All of the Azure AI services endpoints exposed over HTTP enforce the TLS 1.2 protocol. With an enforced security protocol, consumers attempting to call an Azure AI services endpoint should follow these guidelines:<ul><li>The client operating system (OS) needs to support TLS 1.2.</li><li>The language (and platform) used to make the HTTP call need to specify TLS 1.2 as part of the request. Depending on the language and platform, specifying TLS is done either implicitly or explicitly.</li><li>For .NET users, consider the [Transport Layer Security best practices](/dotnet/framework/network-programming/tls)</li></ul> |
+| [Transport Layer Security (TLS)](/dotnet/framework/network-programming/tls) | All of the Azure AI services endpoints exposed over HTTP enforce the TLS 1.2 protocol, or optionally TLS 1.3. With an enforced security protocol, consumers attempting to call an Azure AI services endpoint should follow these guidelines:<ul><li>The client operating system (OS) needs to support TLS 1.2 (or 1.3).</li><li>The language (and platform) used to make the HTTP call need to specify TLS 1.2 (or 1.3) as part of the request. Depending on the language and platform, specifying TLS is done either implicitly or explicitly.</li><li>For .NET users, consider the [Transport Layer Security best practices](/dotnet/framework/network-programming/tls)</li></ul> |
 | [Authentication options](./authentication.md)| Authentication is the act of verifying a user's identity. Authorization, by contrast, is the specification of access rights and privileges to resources for a given identity. An identity is a collection of information about a <a href="https://en.wikipedia.org/wiki/Principal_(computer_security)" target="_blank">principal</a>, and a principal can be either an individual user or a service.<br/><br/>By default, you authenticate your own calls to Azure AI services using the subscription keys provided; this is the simplest method but not the most secure. The most secure authentication method is to use managed roles in Microsoft Entra ID. To learn about this and other authentication options, see [Authenticate requests to Azure AI services](./authentication.md).|
 | [Key rotation](./authentication.md)| Each Azure AI Foundry resource has two API keys to enable secret rotation. This is a security precaution that lets you regularly change the keys that can access your service, protecting the privacy of your service if a key gets leaked. To learn about this and other authentication options, see [Rotate keys](./rotate-keys.md). |
 | [Environment variables](cognitive-services-environment-variables.md) | Environment variables are name-value pairs that are stored within a specific development environment. Environment variables are more secure than using hardcoded values in your code. For instructions on how to use environment variables in your code, see the [Environment variables guide](cognitive-services-environment-variables.md).<br/><br/>However, if your environment is compromised, the environment variables are compromised as well, so this isn't the most secure approach. The most secure authentication method is to use managed roles in Microsoft Entra ID. To learn about this and other authentication options, see [Authenticate requests to Azure AI services](./authentication.md).|