You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
# Remove TLS 1.0 and 1.1 from use with Azure Cache for Redis
14
14
15
-
There's an industry-wide push toward the exclusive use of Transport Layer Security (TLS) version 1.2 or later. TLS versions 1.0 and 1.1 are known to be susceptible to attacks such as BEAST and POODLE, and to have other Common Vulnerabilities and Exposures (CVE) weaknesses. They also don't support the modern encryption methods and cipher suites recommended by Payment Card Industry (PCI) compliance standards. This [TLS security blog](https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/) explains some of these vulnerabilities in more detail.
15
+
To meet the industry-wide push toward the exclusive use of Transport Layer Security (TLS) version 1.2 or later, Azure Cache for Redis is moving toward requiring the use of the TLS 1.2 in October, 2024. TLS versions 1.0 and 1.1 are known to be susceptible to attacks such as BEAST and POODLE, and to have other Common Vulnerabilities and Exposures (CVE) weaknesses.
16
+
17
+
TLS versions 1.0 and 1.1 also don't support the modern encryption methods and cipher suites recommended by Payment Card Industry (PCI) compliance standards. This [TLS security blog](https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/) explains some of these vulnerabilities in more detail.
16
18
17
19
> [!IMPORTANT]
18
20
> On October 1, 2024, the TLS 1.2 requirement will be enforced.
19
21
>
20
22
>
21
23
24
+
As a part of this effort, you can expect the following changes to Azure Cache for Redis:
22
25
23
-
As a part of this effort, we're making the following changes to Azure Cache for Redis:
24
-
25
-
-_Phase 1_: We configure the default minimum TLS version to be 1.2 for newly created cache instances. Previously, it was TLS 1.0. Existing cache instances won't be updated at this point. You can still use the Azure portal or other management APIs to [change the minimum TLS version](cache-configure.md#access-ports) to 1.0 or 1.1 for backward compatibility.
26
-
-_Phase 2_: We stop supporting TLS 1.1 and TLS 1.0 starting August 1,2024. After this change, your application must use TLS 1.2 or later to communicate with your cache. The Azure Cache for Redis service is expected to be available while we migrate it to support only TLS 1.2 or later. Read further sections to know how to determine if your applications are affected.
26
+
-_Phase 1_: Azure Cache for Redis changes the default minimum TLS version to TLS 1.2 for newly created cache instances. Previously, it was TLS 1.0. Existing cache instances won't be updated at this point. You can still use the Azure portal or other management APIs to [change the minimum TLS version](cache-configure.md#access-ports) to 1.0 or 1.1 for backward compatibility.
27
+
-_Phase 2_: Azure Cache for Redis stops supporting TLS 1.1 and TLS 1.0 starting August 1,2024. After this change, your application must use TLS 1.2 or later to communicate with your cache. The Azure Cache for Redis service is expected to be available while it is migrated to support only TLS 1.2 or later. Read further sections to know how to determine if your applications are affected.
27
28
28
29
| Date | Description |
29
30
|-------- |-------------|
@@ -33,10 +34,10 @@ As a part of this effort, we're making the following changes to Azure Cache for
33
34
| October 1, 2024 | Minimum TLS version for all cache instances is updated to 1.2. This means Azure Cache for Redis instances will reject connections using TLS 1.0 or 1.1.
34
35
35
36
> [!IMPORTANT]
36
-
> The content in this article does not apply to Azure Cache for Redis Enterprise/Enterprise Flash as the Enterprise tiers support TLS 1.2 only.
37
+
> The content in this article does not apply to Azure Cache for Redis Enterprise/Enterprise Flash because the Enterprise tiers only support TLS 1.2.
37
38
>
38
39
39
-
As part of this change, we remove support for older cipher suites that aren't secure. Our supported cipher suites are restricted to the following suites when the cache is configured with a minimum of TLS 1.2:
40
+
As part of this change, Azure Cache for Redis removes support for older cipher suites that aren't secure. Supported cipher suites are restricted to the following suites when the cache is configured with a minimum of TLS 1.2:
0 commit comments