TLS version used by Azure ATP

%3CLINGO-SUB%20id%3D%22lingo-sub-1057540%22%20slang%3D%22en-US%22%3ETLS%20version%20used%20by%20Azure%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1057540%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20would%20like%20to%20know%20what%20is%20the%20TLS%20version%20currently%20used%20by%20Azure%20ATP%20for%20encryption%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20reason%20why%20I%20am%20asking%20this%20is%20because%2C%20I%20have%20configured%20the%20Syslog%20server%20in%20my%20Azure%20ATP%20console%20to%20use%20the%20protocol%20as%20%22%3CSTRONG%3ETLS%20(Secured%20Syslog)%3C%2FSTRONG%3E%22%20and%20it%20looks%20like%20the%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3Elogs%20are%20not%20being%20received%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eon%20the%20syslog%20server.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUpon%20further%20troubleshooting%2C%20we%20got%20to%20know%20that%20the%20ATP%20is%20trying%20to%20use%20TLS%201.0%20for%20encryption.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EP.S%3A%20We%20have%20TLS%201.2%20enabled%20on%20the%20DC%20on%20which%20the%20ATP%20Sensor%20is%20running%20and%20have%20configured%20it%20for%20forwarding%20the%20logs%20to%20the%20syslog%20server.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHence%2C%20thought%20of%20getting%20some%20clarity%20on%20it.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E--%3C%2FP%3E%3CP%3ERegards%2C%3C%2FP%3E%3CP%3EKarthik.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1057607%22%20slang%3D%22en-US%22%3ERe%3A%20TLS%20version%20used%20by%20Azure%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1057607%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F416206%22%20target%3D%22_blank%22%3E%40Karthik1600%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAATP%20uses%20TLS%201.2%20across%20the%20board%20with%20one%20exception%3A%20the%20syslog%20listener%2C%3C%2FP%3E%0A%3CP%3Ewhich%20is%20locked%20to%20TLS%201.0.%3C%2FP%3E%0A%3CP%3EThere%20are%20no%20plans%20to%20change%20that%20any%20time%20soon%20as%20this%20functionality%20within%20AATP%20is%20expensive%20fix%20and%20going%20to%20be%20deprecated.%20with%20the%20move%20to%20the%20new%20unified%20portal%2C%20you%20will%20be%20able%20to%20get%20syslog%20notifications%20from%20there%2C%20with%20the%20greatest%20and%20latest%20features%2C%20including%20a%20better%20TLS%20support.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1062222%22%20slang%3D%22en-US%22%3ERe%3A%20TLS%20version%20used%20by%20Azure%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1062222%22%20slang%3D%22en-US%22%3EHi%20Eli%2C%3CBR%20%2F%3EThanks%20for%20the%20quick%20reply.%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi All,

 

I would like to know what is the TLS version currently used by Azure ATP for encryption?

 

The reason why I am asking this is because, I have configured the Syslog server in my Azure ATP console to use the protocol as "TLS (Secured Syslog)" and it looks like the logs are not being received on the syslog server.

 

Upon further troubleshooting, we got to know that the ATP is trying to use TLS 1.0 for encryption.

 

P.S: We have TLS 1.2 enabled on the DC on which the ATP Sensor is running and have configured it for forwarding the logs to the syslog server.

 

Hence, thought of getting some clarity on it.

 

Thank you.

 

--

Regards,

Karthik. 

2 Replies

@Karthik1600 

AATP uses TLS 1.2 across the board with one exception: the syslog listener,

which is locked to TLS 1.0.

There are no plans to change that any time soon as this functionality within AATP is expensive fix and going to be deprecated. with the move to the new unified portal, you will be able to get syslog notifications from there, with the greatest and latest features, including a better TLS support.  

Hi Eli,
Thanks for the quick reply.