If you use Azure Application Proxy to publish internal web applications, you need to ensure that every server running the Azure App Proxy connector has TLS 1.2 enabled.

If these servers do not have TLS 1.2 enabled by January 31st, 2019, you may experience service disruption, because the older TLS versions (1.0 and 1.1) will be disabled on Azure App Proxy.

To ensure you have TLS 1.2 enabled, check the following registry values on each of the Azure Application Proxy connector servers:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
    • "DisabledByDefault"=dword:00000000
    • "Enabled"=dword:00000001
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
    • "DisabledByDefault"=dword:00000000
    • "Enabled"=dword:00000001
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
    • "SchUseStrongCrypto"=dword:00000001

If any of the values are incorrect or missing, just add them and restart the server.
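The check above can be scripted so it is repeatable across connector servers. The following read-only audit is an added example, not part of the original post; the function name `Test-ConnectorTls12` is hypothetical, and the script is assumed to run locally on each connector server.

```powershell
# Added example: read-only audit of the registry values listed in this post.
# Test-ConnectorTls12 is a hypothetical helper name, not a built-in cmdlet.
function Test-ConnectorTls12 {
    $protocols = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
    $dotNet    = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'

    # Expected values, taken from the list above.
    $expected = @(
        @{ Path = "$protocols\Client"; Name = 'DisabledByDefault';  Value = 0 }
        @{ Path = "$protocols\Client"; Name = 'Enabled';            Value = 1 }
        @{ Path = "$protocols\Server"; Name = 'DisabledByDefault';  Value = 0 }
        @{ Path = "$protocols\Server"; Name = 'Enabled';            Value = 1 }
        @{ Path = $dotNet;             Name = 'SchUseStrongCrypto'; Value = 1 }
    )

    foreach ($item in $expected) {
        # A missing key or value yields $null rather than a terminating error.
        $props  = Get-ItemProperty -Path $item.Path -Name $item.Name -ErrorAction SilentlyContinue
        $actual = $null
        if ($null -ne $props) { $actual = $props.($item.Name) }

        if ($null -eq $actual) {
            $status = 'Missing'
        } elseif ($actual -eq $item.Value) {
            $status = 'OK'
        } else {
            $status = 'Incorrect'
        }

        [pscustomobject]@{
            Path     = $item.Path
            Name     = $item.Name
            Expected = $item.Value
            Actual   = $actual
            Status   = $status
        }
    }
}

# Show every value, then list only the ones that still need fixing.
$results = Test-ConnectorTls12
$results | Format-Table Name, Expected, Actual, Status, Path -AutoSize -Wrap
$results | Where-Object { $_.Status -ne 'OK' } | Format-List Path, Name, Expected, Actual
```

Any row reported as `Missing` or `Incorrect` is a value to add or correct before restarting the server.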
