
Either sunset TLS 1.0 or give users the means to disable it

We chose Azure App Services to host a new web application which was scheduled to go live by the end of March, 2016. Incredibly, we are now finding that TLS 1.0 cannot be disabled on App Services. Because of that, we cannot pass a PCI DSS 3.1 scan. We’ve looked through all of the posts and replies on MS forums related to this, but there is no answer to the specific question we have. We understand that there are alternative hosting solutions like ASE and Web Roles where MS has the means to disable TLS 1.0. Both of these represent additional time and effort to set up and deploy our QA and production sites, and both represent additional compute costs for resources that we definitely don’t need (i.e., we have no worker processes and would prefer to not pay for worker instances). We also understand that PCI is requiring new applications to be DSS 3.1 compliant even though they have extended the deadline for existing applications to June, 2018.

So, the question is whether Microsoft is planning to give users the ability to disable TLS 1.0 in ordinary (i.e., non-ASE) App Services. Or, will you finally be sunsetting TLS 1.0 in ordinary App Services? All of the replies referred to above were extremely vague about what exactly is on the roadmap for App Services. Could we please have a definitive answer whether we will have this ability to disable TLS 1.0 before the June, 2018 deadline? If so, we may be able to prepare a mitigation and migration plan that would grant us an exception to the DSS 3.1 compliance.

For what it’s worth, we came to Microsoft because it appeared to be the clear PaaS leader. Please tell us that MS thought this through and has a cost-effective PaaS strategy that is consistent with the entire industry regarding secure protocols. If not, then what differentiates Azure VMs from AWS VMs?

14 votes
Anonymous shared this idea

5 comments
