Azure DevOps requires TLS 1.2 on all connections including Visual Studio

Ruben Rios

Permanent rollout of TLS 1.0/1.1 deprecation starts on March 31, 2022

Azure DevOps has provided new guidance and timelines for the TLS 1.0/1.1 deprecation.

While the permanent rollout will start on March 31, 2022, the team plans to temporarily disable support twice during March to help customers identify potential issues before the permanent rollout takes place.

Please review their new blog post for full details.

TLS 1.0/1.1 deprecation change rolled back

The Azure DevOps team rolled back the change it made on Jan 31st, 2022, to deprecate support for older versions of TLS (1.0/1.1) due to unexpected issues. For now, Azure DevOps continues to support calls made over TLS 1.0/1.1. Their team is working on a plan to address the issues and will announce a new deprecation date soon.

Starting Monday January 31st, Azure DevOps will no longer accept connections coming over TLS 1.0 and 1.1 due to security vulnerabilities in those protocols. Developers have increasingly become the target of hackers and these protocols have known security vulnerabilities not specific to Microsoft’s implementation. Going forward Azure DevOps will require TLS 1.2 for all HTTPS connections, including their web API and Git services. To avoid any issues, please upgrade to the latest version of Visual Studio.

Visual Studio 2022, Visual Studio 2019, and the latest release of Visual Studio 2017 (version 15.9 and beyond) already use TLS 1.2 and are not impacted by the upcoming change. Earlier versions of Visual Studio that are running on devices not configured to use TLS 1.2, may begin to see errors when connecting to Azure DevOps services. Features such as signing into Visual Studio, unlocking the IDE, and remote Git operations could be affected.

Some of the error messages may include:

fatal: HttpRequestException encountered. An error occurred while sending the request. while fetching or pushing to a Git repository.

error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

How to enable TLS 1.2

The easiest way to avoid these issues is to upgrade to the latest version of Visual Studio as it already uses TLS 1.2 for all HTTPS connections. If upgrading Visual Studio is not an option, you can set a set a machine-wide registry key to enable TLS 1.2 on all .NET applications including Visual Studio. Last, you can also install the latest Git for Windows tools that also use TLS 1.2.

The Azure DevOps blog has more information on the upcoming TLS changes. You can also read more about the official depreciation of TLS 1.0 and 1.1 in the IETF Data Tracker.