Forum Discussion
Change SSL policy on a production server
Hi,
I'm using the Application Gateway (WAF V2) on a service on production.
It has TLS1.0 and TLS1.1 that I want to disable and just keep TLS1.2.
By doing the changes it will stop the network access to my servers?
If so, how long it takes the change?
Regards,
Ken
- ibnmbodjiSteel Contributor
Hi
You need to update the TLS version used for your application first .
If you create a TLS policy exluding older versions while your application have not been updated to use the latest one you will have connection erros for sure .
There is an article below to track the use of tls version to be sure older ones are not used
- OgawaKenCopper Contributor
Thank you for your replay. I think I should explained better my message.
So it's basically User -> (Internet) -> AGW -> Servers
Now between "User -> (Internet) -> AGW" it uses TLS1.0, 1.1 and 1.2.
In a near future I want to change it to just TLS 1.2 (TLS1.3 also if available)
I think modifying this it wouldn't affect "AGW -> Servers" TLS connection, right?
Regards
- ibnmbodjiSteel Contributor
Yes there is no impact since TLS encryption for communication between the client and the application gateway is different from TLS encryption for communication between the application gateway and the back-end servers.