Change SSL policy on a production server

Copper Contributor



I'm using the Application Gateway (WAF V2) on  a service on production.

It has TLS1.0 and TLS1.1 that I want to disable and just keep TLS1.2.

By doing the changes it will stop the network access to my servers?

If so, how long it takes the change?







5 Replies




You need to update the TLS version used for your application first . 

If you create a TLS policy exluding older versions while your application have not been updated to use the latest one you will have connection erros for sure . 

There is an article below to track the use of tls version to be sure older ones are not used



Thank you for your replay. I think I should explained better my message.


So it's basically User -> (Internet) -> AGW -> Servers

Now between "User -> (Internet) -> AGW" it uses TLS1.0, 1.1 and 1.2.

In a near future I want to change it to just TLS 1.2 (TLS1.3 also if available)


I think modifying this it wouldn't affect "AGW -> Servers" TLS connection, right?





Yes there is no impact since TLS encryption for communication between the client and the application gateway is different from TLS encryption for communication between the application gateway and the back-end servers.

@ibnmbodjiSo I wonder when I press Save on "Change SSL policy" (as the image attached on this message) the AGW will stop for some seconds or the service will continue without any stop.




Hi normally downtime is not expected but the changes should take few minutes to  be applied . 

I would suggest to use  Preprod or Dev environment to  test changes before production.