Redis Java clients use TLS 1.0 on Java version 6 or earlier. However, if you're using an old OS or just want to be sure, we recommend configuring the preferred TLS version manually through the client. NET Core clients default to the OS default TLS version, which depends on the OS itself.ĭepending on the OS version and any patches that have been applied, the effective default TLS version can vary. ServiceStack.Redis: Follow the ServiceStack.Redis instructions and requires ServiceStack.Redis v5.6 at a minimum.StackExchange.Redis: Set ssl=true and sslprotocols=tls12 in the connection string.NET Framework 4.5.2 or earlier, and use the latest TLS version on. NET clients use the earliest TLS version by default on. Here are instructions for configuring some of the popular client libraries, in various programming languages and frameworks, to use TLS 1.2.NET Framework Most applications use Redis client libraries to handle communication with their caches. Configure your application to use TLS 1.2 You might need to configure the Redis client library used by your application to enable TLS 1.2 to connect to Azure Cache for Redis. If the application continues to function as expected after this change, it's probably compliant. The Minimum TLS version setting is in the Advanced settings of your cache instance in the Azure portal. You can find out whether your application works with TLS 1.2 by setting the Minimum TLS version value to TLS 1.2 on a test or staging cache, then running tests. Check whether your application is already compliant
This article will be updated when specific dates are set. Phase 2 is postponed because of COVID-19. The Azure Cache for Redis service is expected to be available while we migrate it to support only TLS 1.2 or later. After this change, your application must use TLS 1.2 or later to communicate with your cache. Phase 2: We'll stop supporting TLS 1.1 and TLS 1.0. You can still use the Azure portal or other management APIs to change the minimum TLS version to 1.0 or 1.1 for backward compatibility. Existing cache instances won't be updated at this point.
Phase 1: We'll configure the default minimum TLS version to be 1.2 for newly created cache instances (previously, it was TLS 1.0).
This TLS security blog explains some of these vulnerabilities in more detail.Īs a part of this effort, we'll be making the following changes to Azure Cache for Redis: They also don't support the modern encryption methods and cipher suites recommended by Payment Card Industry (PCI) compliance standards.
TLS versions 1.0 and 1.1 are known to be susceptible to attacks such as BEAST and POODLE, and to have other Common Vulnerabilities and Exposures (CVE) weaknesses. There's an industry-wide push toward the exclusive use of Transport Layer Security (TLS) version 1.2 or later.
0 kommentar(er)
