Dear Microsoft Regarding RDS, our pen testers highlighted that this uses TLSv1.0 which is now an insecure protocol and should be disabled, however, if you do this RDS breaks! You’d think MS would provide an update to mitigate this security risk but instead they state that this is expected as the connection broker depends on TLS 1.0 (https://support.microsoft.com/en-nz/help/4036954/disabling-tls1-0-can-cause-rds-connection-broker-or-rdms-to-fail) and the resolution options are: • Set up RDS without Connection Broker for a single server installation. • Do not disable TLS 1.0 on a single Connection Broker deployment. • Configure a high availability Connection Broker deployment that uses dedicated SQL Server. Microsoft - surely it is your responsibility to remove use of TLS v1.0 and replace with v1.2 to continue to make your product secure for your customers, instead of putting the onus on your customers to roll out a ha deployment solution at their own cost? Surely you can provide an update to mitigate this issue?
Community Manager