TLS 1.3 is now approved, this should be implemented with Web Apps
TLS 1.3 is now no longer a draft, when will Azure introduce the option to enable it?
Given TLS 1.2 was just enabled on Web Apps, we don’t have a plan for when the work will be done to enable 1.3. We will definitely leave this on the backlog as we will come back to it when relevant
This has been urgent for a while... this is a major security flaw and may force us off Web Apps...
Get it done! I thought Microsoft was taking security seriously? Microsoft should have been first out of the gate on this.
would be nice to have TLS 1.3 available in near future
I think this is now becoming more urgent - Chrome and Firefox already support 1.3, and IE/Safari I'm sure won't be far behind (Safari already has it in the Tech Preview builds).
Also Chrome, Firefox, Safari and IE are all removing TLS1.0 and TLS1.1 in Spring 2020, leaving only 1.2 on the table for Azure at that time.
Simon Kurtz commented
Tangentially, Verizon's Edgecast CDN is running TLS 1.3 now. While this applies for a subset of use-cases, if you are using the Verizon CDN through Azure, for example, you'll get TLS 1.3 immediately:
1.0 & 1.1 are being deprecated all across the internet. 1.3 is becoming available by more and more vendors. We need to tell our customers when 1.3 will be available.
Please give us a timeline.
Rob Hardman commented
Now that it's a ratified standard it'd be good to see a blog post about future support and a rough anticipated timeline. The Edge team have done so for client side, for example.
Obviously there is a lot of work involved, but the standard has been moving towards ratification for some time. As a customer, I for one am looking to the Azure team to apply 'cloud cadence' to the development of this, just as you do to so much else.
"when relevant"? Microsoft doesn't consider TLS 1.3 relevant?