Upcoming TLS changes for Azure Service Bus, Azure Event Hubs, and Azure Relay

Yesh Rajawat 115 Reputation points
2024-07-04T10:15:44.9133333+00:00

We have received a notification from Azure regarding TLS where they have stated that:

"To enhance security and provide best-in-class encryption for your data, we’ll require interactions with Azure services to be secured using Transport Layer Security (TLS) 1.2 or later beginning 31 October 2024, when support for TLS 1.0 and 1.1 will end. In addition to continuing support for TLS 1.2, we will enable support for TLS 1.3 for Azure Service Bus and Azure Event Hubs for all traffic except AMQP traffic on 31 October 2024.

However, TLS 1.3 will be incompatible for Java clients using Java 11+ with Apache Proton-J that has a version older than proton-j-0.31.0. If you have Java clients that are using AMQP or JMS to reach Azure Service Bus or are using AMQP to reach Azure Event Hubs, you'll need to update any instances of Apache Proton-J that have a version older than proton-j-0.31.0.

If your clients already support TLS 1.2 or later and aren’t using Java with AMQP or JMS, no further action is required.

Required action 

To ensure you're not affected by our rollout of TLS 1.3 support, we're asking that all Java customers check their code base and update any Apache Proton-J packages that are older than proton-j-0.31.0 to a newer version. 

To help customers determine if they have a TLS 1.3 issue of any sort with their AMQP traffic, we've enabled TLS 1.3 in West Central US for AMQP traffic. You can find more details documented here."

We use the azure-messaging-eventhubs Java SDK to connect with Azure Event Hub and produce and consume events from it. Do we need to worry about this change?


Accepted answer
  1. Deepanshukatara-6769 7,045 Reputation points
    2024-07-04T10:31:24.53+00:00

    Hi Yesh,

    Yes, if you are using the azure-messaging-eventhubs Java SDK to connect with Azure Event Hub, you should ensure that your TLS version is at least 1.2. This is because TLS 1.0 and 1.1 are considered legacy and are planned for deprecation. Azure Event Hubs will require a minimum TLS version of 1.2 for all deployments as of October 31, 2024.

    You can set the TLS version for your Event Hubs namespace to enforce stricter security measures and require that clients send and receive data with a newer version of TLS.

    For more detailed information, you can refer to the following resources:

    By ensuring that your application uses TLS 1.2 or later, you will comply with the new security requirements and avoid any disruptions in service.

    Please check if you have further questions.

    Thanks
    Deepanshu


1 additional answer

  1. akinbade abiola 7,355 Reputation points
    2024-07-04T10:28:40.5633333+00:00

    Hello Yesh Rajawat,

    Thanks for your question.

    Short answer is Yes, you need to take action. If you're using Java 11+ with Apache Proton-J older than version proton-j-0.31.0, you need to update Apache Proton-J to avoid TLS 1.3 incompatibility. This only affects AMQP or JMS traffic. 

    See: https://techcommunity.microsoft.com/t5/messaging-on-azure-blog/java-client-changes-to-support-tls-1-3-with-azure-service-bus/ba-p/4089355

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola

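One way to run the check the notification asks for, as an added example that is not part of the original thread or any Microsoft tooling: it scans `mvn dependency:tree` output or a jar listing for Apache Proton-J (`org.apache.qpid:proton-j`) older than 0.31.0. The sample report, every version number in it, and the function names are constructed for illustration.

```python
import re

# Threshold from the notification: anything older than proton-j-0.31.0 is affected.
MIN_SAFE = (0, 31, 0)

# Matches Maven coordinates as printed by `mvn dependency:tree`
# (org.apache.qpid:proton-j:<type>:<version>) and bare jar names
# (proton-j-<version>.jar). Classifier coordinates are not handled.
PROTON_RE = re.compile(
    r"org\.apache\.qpid:proton-j:[\w-]+:(?P<mvn>\d+(?:\.\d+)*)"
    r"|proton-j-(?P<jar>\d+(?:\.\d+)*)\.jar"
)

def parse_version(text):
    """Turn '0.31.0' into (0, 31, 0); numeric parts avoid the string-compare
    trap where '0.9.1' would sort after '0.31.0'."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def find_outdated_proton_j(report):
    """Return (line_number, version) for each Proton-J reference below 0.31.0."""
    hits = []
    for lineno, line in enumerate(report.splitlines(), start=1):
        for m in PROTON_RE.finditer(line):
            version = m.group("mvn") or m.group("jar")
            if parse_version(version) < MIN_SAFE:
                hits.append((lineno, version))
    return hits

# Constructed sample: six lines of dependency-tree output plus one jar path.
# All coordinates' versions are made up; qpid-proton-j-extensions is a
# different artifact and must not be flagged.
SAMPLE_REPORT = r"""[INFO] com.example:eventhub-app:jar:1.0.0
[INFO] +- com.azure:azure-messaging-eventhubs:jar:5.0.0:compile
[INFO] |  \- com.azure:azure-core-amqp:jar:1.0.0:compile
[INFO] |     +- com.microsoft.azure:qpid-proton-j-extensions:jar:1.2.0:compile
[INFO] |     \- org.apache.qpid:proton-j:jar:0.29.0:compile
[INFO] \- org.apache.qpid:proton-j:jar:0.33.8:test
WEB-INF/lib/proton-j-0.9.1.jar
"""

if __name__ == "__main__":
    for lineno, version in find_outdated_proton_j(SAMPLE_REPORT):
        print(f"line {lineno}: proton-j {version} is older than 0.31.0, update it")
```

Proton-J usually arrives as a transitive dependency, so run the scan against the full resolved tree or the packaged artifact rather than only the direct dependencies in the project's own build file.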