The 'IoT' in Microsoft IoT Hub means Internet of Trying-to-kill-off-whiffy-crypto-protocol: TLS 1.0/1.1 spared axe again
Stay of execution granted after customer 'feedback'
Microsoft has indefinitely postponed the deprecation of Transport Layer Security (TLS) 1.0 and 1.1 in its IoT Hub.
Redmond had previously threatened to kill the outdated protocol off on 1 July 2020, and had lined up a similar fate for the tech in its Device Provisioning Service (DPS) before realising that DPS didn't actually support it anyway. DPS is 1.2 only.
The decision is the latest in a long line of backtracking by the company, which has stated in not so many words that TLS 1.0/1.1 must be ~~destroyed by fire~~ deprecated wherever it is found.
It spared TLS 1.0 and 1.1 from an Azure DevOps Services cull back in March but has otherwise been trying to put a bullet in the shonky crypto tech for quite some time, to the point where it backported TLS 1.2 to Windows XP POSReady 2009.
The problem is that TLS 1.0 dates back more than 20 years and is therefore rather common, with older devices and applications simply not supporting anything newer. As such, the company has listened to the wailing of customers, faced with the prospect of dealing with upgrades to existing applications and devices, and stepped back.
Microsoft's Azure IoT Hub is a managed service, aimed at providing bi-directional communication between an IoT app and the devices managed by it – Microsoft makes the lofty claim that "you can connect virtually any device to IoT Hub". The realisation that not everything is ready for the post-1.0/1.1 world is likely a factor in the backtracking.
There is no indication when the axeman will return, although Microsoft regards TLS 1.2 "as the encryption mechanism of choice for IoT devices and services" so we'd advise not holding off on an update, not least because TLS 1.0 and 1.1 are perhaps a tad whiffy nowadays. ®