back to article Microsoft Azure DevOps revives TLS 1.0/1.1 with rollback

Microsoft's Azure DevOps team has undone the deprecation of outdated Transport Layer Security (TLS) that occurred at the end of January because of unspecified "unexpected issues" that arose following the change. Last November, Rajesh Ramamurthy, director of product management for Azure DevOps, announced plans to phase out …

  1. Dave White

    I blame the users

    We run the on-prem Azure DevOps, and have experienced exactly the same thing with our installation in the past. I have enough knowledge to hazzard a guess as to what happened...

    The back end is a bunch of TLS encrypted database connections, and connections to build agents running in Azure. I don't believe that Microsoft would have done the upgrade without testing the whole system. I could be wrong about that, but it doesn't seem likely.

    The more likely issue is that incoming connections from customers are not capable of using TLS 1.2 with the weaker ciphers removed. They might have proxys / firewalls / AV scanners that are incomptible, or even worse; may be running really old OS versions that don't talk the more modern protocols. Yes, I'm looking at you, Windows 7.

    1. MatthewSt

      Re: I blame the users

      Considering one of the comments on the blog post is "How do I get VS2012 to work with it?" that's probably a safe bet!

      You can make Win7 talk TLS1.2, but it won't do it by default

      1. Falmari Silver badge

        Re: I blame the users

        @MatthewSt “You can make Win7 talk TLS1.2, but it won't do it by default”

        Yes, it is a registry key*, if I remember correctly for Win 7 the registry entry is not there, you have to add it and set it the enabled value.

        *Had to disable all the earlier protocols and have just TLS1.2 enabled. Had to do the same with ciphers disable all but the highest we supported at the time to make sure our software would work when only the highest protocols were enabled in the clients and server.

        After documenting for test how to do this I found a handy little tool (GUI and CL) on the web called IIS Crypto which made it very easy. Shame that IIS Crypto has not been updated since 2020 and does not support TLS1.3.

    2. Strahd Ivarius Silver badge

      Re: I blame the users

      People running end-of-life OS are totally responsible for the mess they are in.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like