TLS upgrade broke Azure DevOps for some users

By

TLS 1.0/1.1 temporarily turned back on.

Microsoft has decided to reverse a security upgrade it applied to its Azure DevOps cloud-based software development and life cycle management system, after it caused problems for users on IPv4 connections.

TLS upgrade broke Azure DevOps for some users

In January, the company rolled out Transport Layer Security (TLS) 1.2-only access to the service, something which will now be reversed for some users.

The aim was to comply with the Internet Engineering Task Force’s March 2021 to deprecate the obsolete TLS versions that didn’t support current cryptographic algorithms.

The old TLS versions were also subject to protocol downgrade attacks like Poodle.

Microsoft hasn’t explained what issues arose during the upgrade, but in this blog post said that the deprecation of TLS 1.0 and TLS 1.1 cause some “unexpected issues” for IPv4 users.

Azure DevOps Platform product manager Mark Graham wrote that IPv6 endpoints were already enforcing TLS 1.2, so those customers are unaffected.

“We anticipate minimal impacts to our customers as more than 99.5% of connections made to Azure DevOps Services already use TLS 1.2. Clients have TLS 1.2-compatibility issues because of obsolete OS version or if available updates are not applied (applies for all Windows, macOS and Linux) or legacy .NET Framework installation or OS configuration prohibiting certain TLS cipher suites”, Graham’s post stated.

To help customers identify Azure DevOps-facing software that can’t support TLS 1.2, Microsoft will disable TLS 1.0/1.1 for 12 hours on March 22 for https://orgname.visualstudio.com domains; and March 24 for the https://dev.azure.com/orgname domains.

Graham’s post also tells users how to test their TLS support in PowerShell, YAML, or as a pipeline task. 

He warns users that a browser check won’t catch an incompatibility: “Browsers often use crypto libraries (such as OpenSSL) and thus circumvent the classic HTTP/TLS stack that other software uses”.

 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Victoria's first government tech chief steps down

Victoria's first government tech chief steps down

WestJet probes cyber security incident

WestJet probes cyber security incident

Log In

  |  Forgot your password?