Azure – Ensure your server running your Azure Application Proxy has TLS 1.2 enabled

If you use Azure Application Proxy to publish internal web applications, you need to ensure the server(s) running the Azure App Proxy connector has/have TLS 1.2 enabled.

By January 31st, 2019, if this/these server(s) do not have TLS 1.2 enabled you may experience service disruption as the older TLS version (1.0 and 1.1) will be disabled on Azure App Proxy.

To ensure you have TLS 1.2 enabled, just check the registry on each of the Azure Application Proxy connector server

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
    • “DisabledByDefault”=dword:00000000
    • “Enabled”=dword:00000001
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
    • “DisabledByDefault”=dword:00000000
    • “Enabled”=dword:00000001
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
    • “SchUseStrongCrypto”=dword:00000001

If any of the values are incorrect or missing, just add them and restart the server.

Leave a Comment

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.