We would like to let you know about upcoming security improvements we’re making for PCI compliance.
The PCI Security Standards Council announced that PCI-compliant web applications must transition from TLS version 1.0 to TLS 1.1 or higher by June 30, 2018.
- API Management service instances are created with TLS 1.0/1.1/1.2 enabled by default
- 3DES cipher is enabled by default
- Customers have an option of disabling TLS 1.0/1.1 and 3DES cipher either in the Azure Portal or programmatically
Starting on April 1, 2018:
- All new API Management service instances will be created with TLS 1.0/1.1 and 3DES cipher disabled by default. TLS 1.2 will be the only TLS version enabled by default.
- TLS configuration of API Management service instances created before April 1, 2018, will remain unchanged
- Customers will have an option to enable TLS 1.0/1.1 and 3DES cipher either in the Azure Portal or programmatically
We encourage all existing customers, if possible, to discontinue using TLS 1.0/1.1.