
Description of TLS is a little confusing

Open Park-minkyu opened this issue 2 years ago • 6 comments

Hello team,

I was looking for information about TLS version support in Azure and found the article below:

Azure SQL connectivity settings - https://learn.microsoft.com/en-us/azure/azure-sql/database/connectivity-settings?view=azuresql&tabs=azure-portal#minimal-tls-version

The article describes how to configure TLS in Azure SQL and work with it. The following part of the article tells us that a connection using a TLS version lower than the minimum supported version configured in the Azure portal is not allowed to connect, and fails with the following error.

https://learn.microsoft.com/en-us/azure/azure-sql/database/connectivity-settings?view=azuresql&tabs=azure-portal#change-public-network-access

Error 47072 Login failed with invalid TLS version

I was wondering whether that part leads us to the wrong conclusion, since it causes confusion with the following part. Am I allowed to connect to Azure SQL using a driver that does not support the minimum TLS version, or not? It confused me.

Thank you!

https://learn.microsoft.com/en-us/azure/azure-sql/database/security-overview?view=azuresql#transport-layer-security-encryption-in-transit

Important

Note that some non-Microsoft drivers may not use TLS by default or rely on an older version of TLS (<1.2) in order to function. In this case the server still allows you to connect to your database. However, we recommend that you evaluate the security risks of allowing such drivers and application to connect to SQL Database, especially if you store sensitive data. ..

Park-minkyu avatar Oct 06 '22 02:10 Park-minkyu

@Park-minkyu Thanks for your feedback! We will investigate and update as appropriate.

ManoharLakkoju-MSFT avatar Oct 06 '22 04:10 ManoharLakkoju-MSFT

Hi @jaszymas,

Could you please look into this document enhancement request. Thanks!

shaktisingh-msft avatar Oct 06 '22 05:10 shaktisingh-msft

Hello, @shaktisingh-msft

This is the article I mentioned from the beginning. This is what confuses me.

https://learn.microsoft.com/en-us/azure/azure-sql/database/security-overview?view=azuresql#transport-layer-security-encryption-in-transit

Park-minkyu avatar Oct 06 '22 05:10 Park-minkyu

I'm having trouble understanding the question or scenario that needs to change, @Park-minkyu and @shaktisingh-msft. The default is to allow TLS 1.0, 1.1, and 1.2. Changing the Minimum TLS version would result in error 47072 when using a version of TLS lower than the Minimum TLS version. Is this question to clarify the behavior of the Minimum TLS version setting in Azure SQL Database?

WilliamDAssafMSFT avatar Feb 14 '23 21:02 WilliamDAssafMSFT

#assign:WilliamDAssafMSFT

WilliamDAssafMSFT avatar Feb 14 '23 21:02 WilliamDAssafMSFT

Most drivers are updated nowadays to allow TLS versions up to 1.2 and beyond. In the past, or if you're using an old driver, it didn't support TLS 1.2, hence that Important note.

VanMSFT avatar Feb 15 '23 17:02 VanMSFT

@WilliamDAssafMSFT @VanMSFT I guess I misunderstood the meaning of minimum version. I should be able to connect to Azure depending on the minimum TLS version setting in the Azure portal, regardless of the version of my driver.

You both made it clear to me. I really appreciate it.

Park-minkyu avatar Feb 16 '23 01:02 Park-minkyu

#assign:VanMSFT

WilliamDAssafMSFT avatar Feb 16 '23 17:02 WilliamDAssafMSFT

#please-close

WilliamDAssafMSFT avatar Feb 16 '23 17:02 WilliamDAssafMSFT

Thanks for taking the time to make this clear here, @Park-minkyu.

WilliamDAssafMSFT avatar Feb 16 '23 17:02 WilliamDAssafMSFT
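
The behavior settled in this thread (no minimum configured means TLS 1.0, 1.1 and 1.2 are all accepted; a configured minimum rejects lower versions with error 47072) can be turned into a small audit check. This is an added example, not part of the original issue or of Microsoft's documentation; the JSON is constructed sample input, and the `minimalTlsVersion` field name and the way an unset value is reported are assumptions about `az sql server list` output.

```python
import json

# TLS versions the thread says are accepted when no minimum is configured.
DEFAULT_ALLOWED = ("1.0", "1.1", "1.2")
INVALID_TLS_ERROR = 47072  # "Login failed with invalid TLS version" (quoted in the issue)


def _key(version):
    """Turn '1.2' into (1, 2) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def accepted_versions(minimal_tls):
    """Return the TLS versions a server accepts for a given minimum setting."""
    if minimal_tls in (None, "", "None"):  # assumption: how an unset minimum is reported
        return list(DEFAULT_ALLOWED)
    return [v for v in DEFAULT_ALLOWED if _key(v) >= _key(minimal_tls)]


def login_result(minimal_tls, client_tls):
    """Return 0 if the client's TLS version is accepted, else the error number."""
    return 0 if client_tls in accepted_versions(minimal_tls) else INVALID_TLS_ERROR


def audit(servers_json, required="1.2"):
    """List (server name, weak versions) for servers that still admit TLS below `required`."""
    findings = []
    for server in json.loads(servers_json):
        weak = [v for v in accepted_versions(server.get("minimalTlsVersion"))
                if _key(v) < _key(required)]
        if weak:
            findings.append((server["name"], weak))
    return findings


# Constructed sample input shaped like `az sql server list` output (field names assumed).
SAMPLE = json.dumps([
    {"name": "sql-legacy", "minimalTlsVersion": None},
    {"name": "sql-mid", "minimalTlsVersion": "1.1"},
    {"name": "sql-prod", "minimalTlsVersion": "1.2"},
])

if __name__ == "__main__":
    for name, weak in audit(SAMPLE):
        print(f"{name}: still accepts TLS {', '.join(weak)}")
    print("TLS 1.0 client against minimum 1.2 ->", login_result("1.2", "1.0"))
```

Servers reported by `audit` are the ones where the Important note quoted in the issue still applies, because an older driver can connect to them.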