Commit fa4e439

Merge pull request #302222 from EldertGrootenboer/patch-5
TLS 1.3 has been enabled everywhere
2 parents d4a8529 + 75cfe86 commit fa4e439

3 files changed

+14
-18
lines changed

articles/service-bus-messaging/transport-layer-security-audit-minimum-version.md

Lines changed: 5 additions & 5 deletions
@@ -37,7 +37,7 @@ To create a policy with an audit effect for the minimum TLS version with the Azu
3737
{
3838
"not": {
3939
"field": "Microsoft.ServiceBus/namespaces/minimumTlsVersion",
40-
"equals": "1.2"
40+
"equals": "1.3"
4141
}
4242
}
4343
]
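Review bot: With `"equals": "1.3"` in the audit rule, every namespace whose `minimumTlsVersion` is 1.2 is reported as non-compliant, while the configure article in this same commit still says the property "is set to 1.2 by default". The commit subject says TLS 1.3 has been enabled, not that it is required, so either state next to this sample that it audits for a 1.3 minimum and will flag namespaces created with defaults, or keep 1.2 as the audited baseline.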
@@ -85,7 +85,7 @@ Azure Policy supports cloud governance by ensuring that Azure resources adhere t
8585

8686
The enforcement policy uses the deny effect to prevent a request that would create or modify a Service Bus namespace so that the minimum TLS version no longer adheres to your organization's standards. For more information about effects, see [Understand Azure Policy effects](../governance/policy/concepts/effects.md).
8787

88-
To create a policy with a deny effect for a minimum TLS version that is less than TLS 1.2, provide the following JSON in the **policyRule** section of the policy definition:
88+
To create a policy with a deny effect for a minimum TLS version that is less than TLS 1.3, provide the following JSON in the **policyRule** section of the policy definition:
8989

9090
```json
9191
{
@@ -99,7 +99,7 @@ To create a policy with a deny effect for a minimum TLS version that is less tha
9999
{
100100
"not": {
101101
"field": "Microsoft.ServiceBus/namespaces/minimumTlsVersion",
102-
"equals": "1.2"
102+
"equals": "1.3"
103103
}
104104
}
105105
]
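Review bot: The condition `"not": { ... "equals": "1.3" }` is an exact-match test, but the sentence introducing this sample describes it as denying a minimum TLS version "less than TLS 1.3". The two only agree while 1.3 is the highest value the property accepts; the previous `"equals": "1.2"` rule would equally have matched a namespace set to 1.3. Suggest wording the prose as "any value other than 1.3" so it describes what the rule actually evaluates.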
@@ -111,9 +111,9 @@ To create a policy with a deny effect for a minimum TLS version that is less tha
111111
}
112112
```
113113

114-
After you create the policy with the deny effect and assign it to a scope, a user cannot create a Service Bus namespace with a minimum TLS version that is older than 1.2. Nor can a user make any configuration changes to an existing Service Bus namespace that currently requires a minimum TLS version that is older than 1.2. Attempting to do so results in an error. The required minimum TLS version for the Service Bus namespace must be set to 1.2 to proceed with namespace creation or configuration.
114+
After you create the policy with the deny effect and assign it to a scope, a user cannot create a Service Bus namespace with a minimum TLS version that is older than 1.3. Nor can a user make any configuration changes to an existing Service Bus namespace that currently requires a minimum TLS version that is older than 1.3. Attempting to do so results in an error. The required minimum TLS version for the Service Bus namespace must be set to 1.3 to proceed with namespace creation or configuration.
115115

116-
An error will be shown if you try to create a Service Bus namespace with the minimum TLS version set to TLS 1.0 when a policy with a deny effect requires that the minimum TLS version be set to TLS 1.2.
116+
An error will be shown if you try to create a Service Bus namespace with the minimum TLS version set to TLS 1.2 when a policy with a deny effect requires that the minimum TLS version be set to TLS 1.3.
117117

118118
## Next steps
119119
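Review bot: The paragraph starting "After you create the policy with the deny effect" does not say what happens to deployments that omit the property. The configure article in this commit states that an ARM template sets `MinimumTlsVersion` to 1.2 by default, so under this policy such a deployment would be denied; one sentence telling readers to set 1.3 explicitly would prevent that surprise. Separately, "older than 1.3" can now only mean 1.2, since the same commit says namespaces permit TLS 1.2 and above, so naming 1.2 directly would read more clearly.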

articles/service-bus-messaging/transport-layer-security-configure-minimum-version.md

Lines changed: 6 additions & 10 deletions
@@ -11,17 +11,13 @@ ms.author: egrootenboer
1111

1212
# Configure the minimum TLS version for a Service Bus namespace
1313

14-
Azure Service Bus namespaces permit clients to send and receive data with TLS 1.0 and above. To enforce stricter security measures, you can configure your Service Bus namespace to require that clients send and receive data with a newer version of TLS. If a Service Bus namespace requires a minimum version of TLS, then any requests made with an older version will fail. For conceptual information about this feature, see [Enforce a minimum required version of Transport Layer Security (TLS) for requests to a Service Bus namespace](transport-layer-security-enforce-minimum-version.md).
14+
Azure Service Bus namespaces permit clients to send and receive data with TLS 1.2 and above. To enforce stricter security measures, you can configure your Service Bus namespace to require that clients send and receive data with a newer version of TLS. If a Service Bus namespace requires a minimum version of TLS, then any requests made with an older version will fail. For conceptual information about this feature, see [Enforce a minimum required version of Transport Layer Security (TLS) for requests to a Service Bus namespace](transport-layer-security-enforce-minimum-version.md).
1515

1616
You can configure the minimum TLS version using the Azure portal or Azure Resource Manager (ARM) template.
1717

1818
> [!WARNING]
1919
> As of 28 February 2025, TLS 1.0 and TLS 1.1 will no longer be supported on Azure Service Bus. The minimum TLS version will be 1.2 for all Service Bus deployments.
2020
21-
> [!IMPORTANT]
22-
> On 31 October 2024, TLS 1.3 will be enabled for AMQP traffic. TLS 1.3 is already enabled for HTTPS traffic. Java clients may have a problem with TLS 1.3 due to a dependency on an older version of Proton-J. For more details, read [Java client changes to support TLS 1.3 with Azure Service Bus and Azure Event Hubs](https://techcommunity.microsoft.com/t5/messaging-on-azure-blog/java-client-changes-to-support-tls-1-3-with-azure-service-bus/ba-p/4089355)
23-
24-
2521
## Specify the minimum TLS version in the Azure portal
2622
You can specify the minimum TLS version when creating a Service Bus namespace in the Azure portal on the **Advanced** tab.
2723
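Review bot: The removed `[!IMPORTANT]` block carried the caveat that Java clients may have a problem with TLS 1.3 because of a dependency on an older version of Proton-J, and this commit now has the page showing how to set the minimum to 1.3. Consider keeping that caveat and its link, reworded to the present tense, instead of deleting it outright. The retained `[!WARNING]` also still says TLS 1.0 and 1.1 "will no longer be supported" as of 28 February 2025, which reads as outdated next to the new "TLS 1.2 and above" sentence.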

@@ -32,28 +28,28 @@ You can also specify the minimum TLS version for an existing namespace on the **
3228
:::image type="content" source="./media/transport-layer-security-configure-minimum-version/existing-namespace-tls.png" alt-text="Screenshot showing the page to set the minimum TLS version for an existing namespace.":::
3329

3430
## Use Azure CLI
35-
To **create a namespace with minimum TLS version set to 1.2**, use the [`az servicebus namespace create`](/cli/azure/servicebus/namespace#az-servicebus-namespace-create) command with `--min-tls` set to `1.2`.
31+
To **create a namespace with minimum TLS version set to 1.3**, use the [`az servicebus namespace create`](/cli/azure/servicebus/namespace#az-servicebus-namespace-create) command with `--min-tls` set to `1.3`.
3632

3733
```azurecli-interactive
3834
az servicebus namespace create \
3935
--name mynamespace \
4036
--resource-group myresourcegroup \
41-
--min-tls 1.2
37+
--min-tls 1.3
4238
```
4339

4440
## Use Azure PowerShell
45-
To **create a namespace with minimum TLS version set to 1.2**, use the [`New-AzServiceBusNamespace`](/powershell/module/az.servicebus/new-azservicebusnamespace) command with `-MinimumTlsVersion` set to `1.2`.
41+
To **create a namespace with minimum TLS version set to 1.3**, use the [`New-AzServiceBusNamespace`](/powershell/module/az.servicebus/new-azservicebusnamespace) command with `-MinimumTlsVersion` set to `1.3`.
4642

4743
```azurepowershell-interactive
4844
New-AzServiceBusNamespace `
4945
-ResourceGroup myresourcegroup `
5046
-Name mynamespace `
51-
-MinimumTlsVersion 1.2
47+
-MinimumTlsVersion 1.3
5248
```
5349

5450

5551
## Create a template to configure the minimum TLS version
56-
To configure the minimum TLS version for a Service Bus namespace, set the `MinimumTlsVersion` version property to 1.0, 1.1, or 1.2. When you create a Service Bus namespace with an Azure Resource Manager template, the `MinimumTlsVersion` property is set to 1.2 by default, unless explicitly set to another version.
52+
To configure the minimum TLS version for a Service Bus namespace, set the `MinimumTlsVersion` version property to 1.2 or 1.3. When you create a Service Bus namespace with an Azure Resource Manager template, the `MinimumTlsVersion` property is set to 1.2 by default, unless explicitly set to another version.
5753

5854
> [!NOTE]
5955
> Namespaces created using an api-version prior to 2022-01-01-preview will have 1.0 as the value for `MinimumTlsVersion`. This behavior was the prior default, and is still there for backwards compatibility.
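Review bot: The template section now lists only 1.2 or 1.3 as values for `MinimumTlsVersion`, but the unchanged `[!NOTE]` directly below still says namespaces created with an api-version prior to 2022-01-01-preview "will have 1.0 as the value". That contradicts both the new sentence and the warning earlier in the article that the minimum will be 1.2 for all deployments; the note should be updated to say what those api-versions yield now, or removed. Minor: "the `MinimumTlsVersion` version property" repeats "version" and can drop the second one.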

articles/service-bus-messaging/transport-layer-security-enforce-minimum-version.md

Lines changed: 3 additions & 3 deletions
@@ -12,9 +12,9 @@ ms.author: egrootenboer
1212

1313
Communication between a client application and an Azure Service Bus namespace is encrypted using Transport Layer Security (TLS). TLS is a standard cryptographic protocol that ensures privacy and data integrity between clients and services over the Internet. For more information about TLS, see [Transport Layer Security](https://datatracker.ietf.org/wg/tls/about/).
1414

15-
Azure Service Bus supports choosing a specific TLS version for namespaces. Currently Azure Service Bus uses TLS 1.2 on public endpoints by default, but TLS 1.0 and TLS 1.1 are still supported for backward compatibility.
15+
Azure Service Bus supports choosing a specific TLS version for namespaces. Currently Azure Service Bus uses TLS 1.3 on public endpoints by default, but TLS 1.2 is still supported for backward compatibility.
1616

17-
Azure Service Bus namespaces permit clients to send and receive data with TLS 1.0 and above. To enforce stricter security measures, you can configure your Service Bus namespace to require that clients send and receive data with a newer version of TLS. If a Service Bus namespace requires a minimum version of TLS, then any requests made with an older version will fail.
17+
Azure Service Bus namespaces permit clients to send and receive data with TLS 1.2 and above. To enforce stricter security measures, you can configure your Service Bus namespace to require that clients send and receive data with a newer version of TLS. If a Service Bus namespace requires a minimum version of TLS, then any requests made with an older version will fail.
1818

1919
> [!IMPORTANT]
2020
> If you are using a service that connects to Azure Service Bus, make sure that service is using the appropriate version of TLS to send requests to Azure Service Bus before you set the required minimum version for a Service Bus namespace.
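Review bot: "uses TLS 1.3 on public endpoints by default" is ambiguous about what the default applies to, and it can be read as the namespace minimum being 1.3. The configure article in this commit says `MinimumTlsVersion` "is set to 1.2 by default", so the two pages appear to disagree. Suggest separating the two ideas: which versions the endpoint offers to clients, and which minimum a namespace enforces unless it is changed.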
@@ -46,7 +46,7 @@ When a client sends a request to Service Bus namespace, the client establishes a
4646
Here're a few important points to consider:
4747

4848
- A network trace would show the successful establishment of a TCP connection and successful TLS negotiation, before a 401 is returned if the TLS version used is less than the minimum TLS version configured.
49-
- Penetration or endpoint scanning on `yournamespace.servicebus.windows.net` will indicate the support for TLS 1.0, TLS 1.1, and TLS 1.2, as the service continues to support all these protocols. The minimum TLS version, enforced at the namespace level, indicates what the lowest TLS version the namespace will support.
49+
- Penetration or endpoint scanning on `yournamespace.servicebus.windows.net` will indicate the support for TLS 1.2 and TLS 1.3, as the service continues to support all these protocols. The minimum TLS version, enforced at the namespace level, indicates what the lowest TLS version the namespace will support.
5050

5151
## Next steps
5252
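Review bot: The scanning bullet should say explicitly that a scan result showing TLS 1.2 is expected even when the namespace minimum is 1.3, because, as the bullet above it notes, the handshake succeeds and the rejection arrives afterwards as a 401. As written, readers who set 1.3 and then see 1.2 in a scan report may conclude the setting did not apply. Wording: with only two versions listed, "all these protocols" should be "both protocols", and "indicates what the lowest TLS version the namespace will support" needs fixing, for example "indicates the lowest TLS version the namespace will accept".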
