About "Remove TLS 1.0 and 1.1 from use with Azure Cache for Redis"

加賀崎 隼 185 Reputation points
2023-06-26T01:43:54.84+00:00

When I checked Azure Redis, I found the following wording from the advisor.

“TLS versions 1.0 and 1.1 are known to be susceptible to security attacks, and have other Common Vulnerabilities and Exposures (CVE) weaknesses.”

I checked the page below and read that anything below TLS 1.2 is not recommended and that 1.0 and 1.1 will be deprecated at some point.

https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-remove-tls-10-11

I would like to confirm again what kind of response can be considered.

・First of all, regarding the response on the “Azure Redis” side:

Since the minimum version of TLS was 1.0 in "Advanced settings", is it possible to raise it to 1.2?

If it is not found on the application side, I think that it will be necessary to deal with it on the Azure Redis side.

Thank you.


Accepted answer
  1. ShaktiSingh-MSFT 13,996 Reputation points Microsoft Employee
    2023-06-26T05:28:29.45+00:00

    Hi 加賀崎 隼,

    Thanks for posting this question in Microsoft Q&A forum and for using Azure Services.

    "The default minimum TLS version is 1.2 for new cache instances, at least as of 2020. So, if you’re using TLS 1.2 in your application already, we don’t believe that you’ll need to make any changes. Setting this value explicitly to TLS 1.2 would also be fine.

    Our understanding is that this field basically allows you to disable support for lower versions of TLS (i.e. 1.0 and 1.1) if you want to ensure those versions aren’t used for security purposes.

    Do let us know if you have a different ask.

    Thanks.


2 additional answers

  1. ShaktiSingh-MSFT 13,996 Reputation points Microsoft Employee
    2023-06-29T09:20:07.8466667+00:00

    Hi 加賀崎 隼,

    Thanks for your patience.

    I think the one other thing to mention is that if the customer is not using TLS, they will need to disable TLS/SSL access. This is very easy to do: How to configure Azure Cache for Redis | Microsoft Learn

    If not connecting with TLS, then they should disable TLS access and connect with port 6379. If using TLS, then they should be good to go, and they would use port 6380.

    Let us know if this helps. If this answers your query, do click Accept Answer and Mark Helpful for the same. And, if you have any further query do let us know.

    Thank you


  2. ShaktiSingh-MSFT 13,996 Reputation points Microsoft Employee
    2023-06-30T05:34:42.9233333+00:00

    Hi 加賀崎 隼,

    Thanks for your patience.

    I think the one other thing to mention is that if the customer is not using TLS, they will need to disable TLS/SSL access. This is very easy to do: How to configure Azure Cache for Redis | Microsoft Learn

    If not connecting with TLS, then they should disable TLS access and connect with port 6379. If using TLS, then they should be good to go, and they would use port 6380.

    Hope this helps. Thank you
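An application-side check for the question above, as an added example that is not part of the original thread or of Microsoft's documentation: before raising the cache's minimum TLS version to 1.2, confirm which protocol a client actually negotiates on the TLS port 6380. The function names are illustrative, and the hostname in the usage line is a placeholder to replace with your own cache.

```python
import socket
import ssl
import sys

REDIS_TLS_PORT = 6380  # TLS port named in the answers above
ACCEPTABLE = {"TLSv1.2", "TLSv1.3"}


def tls12_client_context() -> ssl.SSLContext:
    """Client context that refuses TLS 1.0/1.1 and verifies the server certificate."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def negotiated_tls_version(host, port=REDIS_TLS_PORT, ctx=None, timeout=5.0):
    """Handshake with host:port and return the protocol string, e.g. 'TLSv1.2'.

    Returns None when the TCP connection or the TLS handshake fails, which is
    also what happens if the endpoint only offers versions below the context's
    minimum.
    """
    ctx = ctx or tls12_client_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except OSError:  # ssl.SSLError and socket timeouts are OSError subclasses
        return None


def is_acceptable(version) -> bool:
    """True only for the versions that remain once 1.0 and 1.1 are disabled."""
    return version in ACCEPTABLE


if __name__ == "__main__":
    # Usage (placeholder hostname): python check_tls.py <cache-name>.redis.cache.windows.net
    if len(sys.argv) != 2:
        sys.exit("usage: check_tls.py <redis-hostname>")
    version = negotiated_tls_version(sys.argv[1])
    print(f"{sys.argv[1]}:{REDIS_TLS_PORT} negotiated {version}")
    sys.exit(0 if is_acceptable(version) else 1)
```

Run it from the same host and runtime as the application, since the result reflects that machine's TLS library as well as the cache's setting.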