Microsoft Azure DevOps revives TLS 1.0/1.1 with rollback

Microsoft's Azure DevOps team has undone the deprecation of outdated Transport Layer Security (TLS) that occurred at the end of January because of unspecified "unexpected issues" that arose following the change. Last November, Rajesh Ramamurthy, director of product management for Azure DevOps, announced plans to phase out …

  1. Dave White
    FAIL

    I blame the users

    We run the on-prem Azure DevOps, and have experienced exactly the same thing with our installation in the past. I have enough knowledge to hazard a guess as to what happened...

    The back end is a bunch of TLS encrypted database connections, and connections to build agents running in Azure. I don't believe that Microsoft would have done the upgrade without testing the whole system. I could be wrong about that, but it doesn't seem likely.

    The more likely issue is that incoming connections from customers are not capable of using TLS 1.2 with the weaker ciphers removed. They might have proxies / firewalls / AV scanners that are incompatible, or even worse, may be running really old OS versions that don't talk the more modern protocols. Yes, I'm looking at you, Windows 7.

    1. MatthewSt

      Re: I blame the users

      Considering one of the comments on the blog post is "How do I get VS2012 to work with it?" that's probably a safe bet!

      You can make Win7 talk TLS1.2, but it won't do it by default

      1. Falmari Silver badge

        Re: I blame the users

        @MatthewSt “You can make Win7 talk TLS1.2, but it won't do it by default”

        Yes, it is a registry key*; if I remember correctly, for Win 7 the registry entry is not there, you have to add it and set it to the enabled value.

        *Had to disable all the earlier protocols and have just TLS1.2 enabled. Had to do the same with ciphers: disable all but the highest we supported at the time, to make sure our software would work when only the highest protocols were enabled in the clients and server.

        After documenting for test how to do this I found a handy little tool (GUI and CL) on the web called IIS Crypto which made it very easy. Shame that IIS Crypto has not been updated since 2020 and does not support TLS1.3.
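
The registry change discussed in the comments above, as an added example that is not part of the thread or of any commenter's own procedure. It assumes the standard Schannel `Protocols` registry layout and an elevated PowerShell prompt; the function names `Set-SchannelProtocol` and `Get-SchannelProtocolState` are hypothetical.

```powershell
# Added example (not from the thread): enable TLS 1.2 and turn off older
# protocols in Schannel. Run elevated; reboot for the change to take effect.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$legacy    = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1'
$protocols = $legacy + 'TLS 1.2'

# Hypothetical helper: writes Enabled/DisabledByDefault for both roles.
function Set-SchannelProtocol {
    param(
        [Parameter(Mandatory = $true)][string]$Protocol,
        [Parameter(Mandatory = $true)][bool]$Enable
    )
    if ($Enable) { $enabled = 1; $disabledByDefault = 0 }
    else         { $enabled = 0; $disabledByDefault = 1 }

    foreach ($role in 'Client', 'Server') {
        $key = Join-Path (Join-Path $base $Protocol) $role
        # On Windows 7 the TLS 1.2 keys do not exist until they are created.
        # -Force is used only for missing keys, so existing values are kept.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'Enabled' -Value $enabled `
            -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value $disabledByDefault `
            -PropertyType DWord -Force | Out-Null
    }
}

# Hypothetical helper: reports what is explicitly configured per protocol/role.
function Get-SchannelProtocolState {
    foreach ($protocol in $protocols) {
        foreach ($role in 'Client', 'Server') {
            $key   = Join-Path (Join-Path $base $protocol) $role
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                Protocol          = $protocol
                Role              = $role
                KeyPresent        = [bool](Test-Path $key)   # False = OS default applies
                Enabled           = $props.Enabled
                DisabledByDefault = $props.DisabledByDefault
            }
        }
    }
}

Set-SchannelProtocol -Protocol 'TLS 1.2' -Enable $true
foreach ($p in $legacy) { Set-SchannelProtocol -Protocol $p -Enable $false }
Get-SchannelProtocolState |
    Format-Table Protocol, Role, KeyPresent, Enabled, DisabledByDefault -AutoSize
```

Running `Get-SchannelProtocolState` on its own before making changes shows which keys are absent, which is the Windows 7 state the comment describes. Cipher suite restrictions are configured separately and are not covered here.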

    2. Strahd Ivarius Silver badge
      Facepalm

      Re: I blame the users

      People running end-of-life OS are totally responsible for the mess they are in.
