January 28th, 2022

Azure DevOps requires TLS 1.2 on all connections including Visual Studio

Ruben Rios
Senior Program Manager

Permanent rollout of TLS 1.0/1.1 deprecation starts on March 31, 2022

Azure DevOps has provided new guidance and timelines for the TLS 1.0/1.1 deprecation.

While the permanent rollout will start on March 31, 2022, the team plans to temporarily disable support twice during March to help customers identify potential issues before the permanent rollout takes place.

Please review their new blog post for full details.

TLS 1.0/1.1 deprecation change rolled back

The Azure DevOps team rolled back the change it made on Jan 31st, 2022, to deprecate support for older versions of TLS (1.0/1.1) due to unexpected issues. For now, Azure DevOps continues to support calls made over TLS 1.0/1.1. Their team is working on a plan to address the issues and will announce a new deprecation date soon.

Starting Monday January 31st, Azure DevOps will no longer accept connections coming over TLS 1.0 and 1.1 due to security vulnerabilities in those protocols. Developers have increasingly become the target of hackers and these protocols have known security vulnerabilities not specific to Microsoft’s implementation. Going forward Azure DevOps will require TLS 1.2 for all HTTPS connections, including their web API and Git services. To avoid any issues, please upgrade to the latest version of Visual Studio.

Visual Studio 2022, Visual Studio 2019, and the latest release of Visual Studio 2017 (version 15.9 and beyond) already use TLS 1.2 and are not impacted by the upcoming change. Earlier versions of Visual Studio that are running on devices not configured to use TLS 1.2, may begin to see errors when connecting to Azure DevOps services. Features such as signing into Visual Studio, unlocking the IDE, and remote Git operations could be affected.

Some of the error messages may include:

fatal: HttpRequestException encountered. An error occurred while sending the request. while fetching or pushing to a Git repository.

error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

How to enable TLS 1.2

The easiest way to avoid these issues is to upgrade to the latest version of Visual Studio as it already uses TLS 1.2 for all HTTPS connections. If upgrading Visual Studio is not an option, you can set a set a machine-wide registry key to enable TLS 1.2 on all .NET applications including Visual Studio. Last, you can also install the latest Git for Windows tools that also use TLS 1.2.

The Azure DevOps blog has more information on the upcoming TLS changes. You can also read more about the official depreciation of TLS 1.0 and 1.1 in the IETF Data Tracker.

Author

Ruben Rios
Senior Program Manager

Ruben is a Program Manager on the Visual Studio IDE platform team. During his time at Microsoft, he’s helped build tools and services for web & mobile devs in both Visual Studio and the Microsoft Edge F12 dev tools. Before joining Microsoft, he was a professional web developer and has always been passionate about UX.

6 comments

Discussion is closed. Login to edit/delete existing comments.

  • Ben Reisner

    Hello,

    Thank you and/or everyone involved for rolling back this change. A few questions:

    1) Is there any way I can subscribe to some sort of email notifications for upcoming possibly breaking changes that Azure DevOps makes?

    Unless I'm mistaken the only way I could have known about this planned change was if I monitored the blogs and didn't miss the post. There wasn't even any banner or notifications from within dev.azure.com's website.

    I would think that project administrators should have been emailed automatically with increasing aggresiveness if there were any connections being made to their projects with...

    Read more
  • MK · Edited

    This change broke the connectivity to the azure organizations from self hosted agents on Windows server 2012 R2 machines. Not be able to get the connection working even after following the steps to enable TLS1.2. Any pointers on that ?

    • Ruben RiosMicrosoft employee Author

      Hello!

      Are you still having problems?

      The TLS 1.0/1.1 deprecation change was rolled back for now.

      Please check the Azure DevOps blog for more details.

      Thanks!

    • Austyn Poor

      Any word on this? Having the same issue.

      • Ruben RiosMicrosoft employee Author · Edited

        Hello, the TLS 1.0/1.1 deprecation change was rolled back for now.

        Please check the Azure DevOps blog for more details.

        Thanks!