cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Change SSL policy on a production server

OgawaKen
Copper Contributor

‎Jan 26 2021 01:46 AM

‎Jan 26 2021 01:46 AM

Change SSL policy on a production server

Hi,

 

I'm using the Application Gateway (WAF V2) on  a service on production.

It has TLS1.0 and TLS1.1 that I want to disable and just keep TLS1.2.

By doing the changes it will stop the network access to my servers?

If so, how long it takes the change?

 

Regards,

Ken

 

 

 

2,193 Views
0 Likes
5 Replies
Reply
5 Replies
ibnmbodji

‎Jan 26 2021 03:48 AM

‎Jan 26 2021 03:48 AM

Re: Change SSL policy on a production server

@OgawaKen 

 

Hi 

You need to update the TLS version used for your application first . 

If you create a TLS policy exluding older versions while your application have not been updated to use the latest one you will have connection erros for sure . 

There is an article below to track the use of tls version to be sure older ones are not used 

https://cloudadministrator.net/2017/11/14/find-if-you-are-using-only-tls-1-2-protocol-with-log-analy...

 

0 Likes
Reply
OgawaKen

‎Jan 26 2021 05:40 PM

‎Jan 26 2021 05:40 PM

Re: Change SSL policy on a production server

@ibnmbodji 

Thank you for your replay. I think I should explained better my message.

 

So it's basically User -> (Internet) -> AGW -> Servers

Now between "User -> (Internet) -> AGW" it uses TLS1.0, 1.1 and 1.2.

In a near future I want to change it to just TLS 1.2 (TLS1.3 also if available)

 

I think modifying this it wouldn't affect "AGW -> Servers" TLS connection, right?

 

Regards

0 Likes
Reply
ibnmbodji

‎Jan 28 2021 08:53 AM

‎Jan 28 2021 08:53 AM

Re: Change SSL policy on a production server

@OgawaKen 

 

Yes there is no impact since TLS encryption for communication between the client and the application gateway is different from TLS encryption for communication between the application gateway and the back-end servers.

 

https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-end-to-end-ssl-powers...

Preview file
79 KB
0 Likes
Reply
OgawaKen

‎Feb 01 2021 12:55 AM

‎Feb 01 2021 12:55 AM

Re: Change SSL policy on a production server

@ibnmbodjiSo I wonder when I press Save on "Change SSL policy" (as the image attached on this message) the AGW will stop for some seconds or the service will continue without any stop.

Regards

Preview file
56 KB
0 Likes
Reply
ibnmbodji

‎Feb 01 2021 01:11 AM - edited ‎Feb 01 2021 01:14 AM

‎Feb 01 2021 01:11 AM - edited ‎Feb 01 2021 01:14 AM

Re: Change SSL policy on a production server

@OgawaKen 

 

Hi normally downtime is not expected but the changes should take few minutes to  be applied . 

I would suggest to use  Preprod or Dev environment to  test changes before production.

0 Likes
Reply