Add feature to only support TLS 1.2 for PCI
When a PCI scan was run on our public Cosmos endpoint, it raised an exception since TLS 1.0 has not been decommissioned.
Can there be a button on the portal to only support TLS 1.2?
Hi Nate. Thanks for your suggestion. We are currently evaluating TLS 1.2 enforcement.
In the interim, if you are running a service within the Microsoft cloud, all outbound connections are TLS 1.2. If you are running outside the Microsoft cloud, the recommendation is to use .NET 4.6, which is TLS 1.2 by default. If you are running a VM, the recommendation is to disable all transport protocols except TLS 1.2.
As mentioned, this is currently being reviewed for planning. We will update this item as this progresses.
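The VM recommendation in the reply above, sketched as an added example that is not part of the original thread and is not a Microsoft-supplied script: it sets the standard Schannel protocol registry keys so that only TLS 1.2 stays enabled, then reads the values back. The helper name `Set-SchannelProtocol` is hypothetical; it assumes an elevated PowerShell session on a Windows VM, and the change applies after a reboot.

```powershell
# Added example: restrict Schannel on a Windows VM to TLS 1.2 only.
# Assumes an elevated session; settings take effect after a reboot.
$base   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$legacy = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1'
$roles  = 'Client', 'Server'

# Hypothetical helper: enable or disable one protocol for both roles.
function Set-SchannelProtocol {
    param(
        [Parameter(Mandatory)] [string] $Protocol,
        [Parameter(Mandatory)] [bool]   $Enable
    )
    foreach ($role in $roles) {
        $path = "$base\$Protocol\$role"
        # Create the key only if it is missing, so existing values are kept.
        if (-not (Test-Path $path)) {
            New-Item -Path $path -Force | Out-Null
        }
        # Enabled = 1 allows the protocol; DisabledByDefault = 1 stops it
        # from being offered unless an application asks for it explicitly.
        New-ItemProperty -Path $path -Name 'Enabled' `
            -Value ([int]$Enable) -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $path -Name 'DisabledByDefault' `
            -Value ([int](-not $Enable)) -PropertyType DWord -Force | Out-Null
    }
}

foreach ($proto in $legacy) {
    Set-SchannelProtocol -Protocol $proto -Enable $false
}
Set-SchannelProtocol -Protocol 'TLS 1.2' -Enable $true

# Read the settings back so the result can be attached to the scan evidence.
foreach ($proto in ($legacy + 'TLS 1.2')) {
    foreach ($role in $roles) {
        $p = Get-ItemProperty -Path "$base\$proto\$role"
        [pscustomobject]@{
            Protocol          = $proto
            Role              = $role
            Enabled           = $p.Enabled
            DisabledByDefault = $p.DisabledByDefault
        }
    }
}
```

Confirm that remote management and any older clients of the VM can negotiate TLS 1.2 before applying this, since they will fail to connect afterwards.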
Jason Amos commented
This key will throttle TLS logging: