Share via

Does the "Update Azure Application Gateway to TLS 1.2 or later before 31 August 2025" bulletin from Azure mean that non-TLS HTTP connections to backend app service resources will no longer be supported?

MDubDev 41 Reputation points
2025-04-29T20:33:23.9566667+00:00

Does the "Update Azure Application Gateway to TLS 1.2 or later before 31 August 2025" bulletin from Azure in the following link mean that non-TLS HTTP connections to backend app service resources will no longer be supported, or will the the HTTP backend protocol option still be available and function for backends in the application gateway?

https://azure.microsoft.com/en-us/updates?id=azure-application-gateway-support-for-tls-10-and-tls-11-will-end-by-31-august-2025

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,185 questions
0 comments
Accepted answer
  1. Silvia Wibowo 5,866 Reputation points Microsoft Employee Moderator
    2025-04-29T20:51:24.1566667+00:00

    Hi @MDubDev , the notification about end of support for TLS 1.0 and TLS 1.1 applies to Application Gateway listener configured with HTTPS. In other words, it requires the client (web browser that your users use) to use minimum of TLS 1.2 to connect to Application Gateway.

    HTTP can still be used for:

    • Communication from Application Gateway to your back-end service.
    • Application Gateway listener, although this is not recommended. The traffic between user and Application Gateway is not encrypted and prone to MITM attack.

    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Praveen Bandaru 3,145 Reputation points Microsoft External Staff Moderator
    2025-04-29T21:00:07.8233333+00:00

    Hello MDubDev

    I understand that you are concerned about the implications of the bulletin regarding TLS 1.2 and its impact on non-TLS HTTP connections to backend app services. Here are the details:

    Starting from August 31, 2025, Azure Application Gateway will no longer support TLS 1.0 and 1.1. This change primarily affects the TLS connections used for frontend clients to connect to the Application Gateway, meaning all front-end traffic must use TLS 1.2 or later.

    However, regarding your question about backend app service resources, you can still use HTTP connections to those backends. The Application Gateway supports the HTTP protocol as a backend protocol option, which means you can configure it without enforcing TLS for backend app services. Nevertheless, for security best practices, it's highly recommended to use HTTPS connections (with TLS 1.2 or later) for backend communications when possible.

    Here’s a summary of important points:

    • Frontend connections: Must be TLS 1.2 or later after August 31, 2025.
    • Backend connections: Non-TLS (HTTP) connections are likely to be supported, but using HTTPS is advisable for security.

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.           

    User's image

    If you have any other questions or are still running into more issues, let me know in the "comments" and I would be happy to help you.

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.