Azure IoT Hub
An Azure service that enables bidirectional communication between internet of things (IoT) devices and applications.
Will TLS1.2 with cipher suite TLS_RSA_WITH_AES_256_GCM_SHA384 work after 31 August 2025? (device WISE4060/LAN)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 99%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Mikael Plate
6
Reputation points
It is not clear to me from the following documentation if TLS1.2 with cipher suite TLS_RSA_WITH_AES_256_GCM_SHA384 will work when connecting to Azure IoT Hub after 31 August 2025. We are using Advantech WISE4060/LAN devices and from Metrics I can see that they are using TLS_RSA_WITH_AES_256_GCM_SHA384 and TLS1.2.
The following page says that "The following non-recommended cipher suites are allowed on hubs without minTlsVersion:1.2 until August 31, 2025", which is fine. But will they work WITH minTlsVersion:1.2?
https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-tls-support
Are the TLS_RSA* cipher suites just not recommended after 31 Augusti 2025 or are they completely blocked? If blocked, we seem to be toast since our devices uses TLS_RSA_WITH_AES_256_GCM_SHA384.
Added information: the Azure IoT Hub in question is in region West Europe.
What is interesting is that the Swedish version of the same page (we are a Swedish company) does not mention the date 31 August 2025 at all in the corresponding paragraph and is more clear that they are not recommended, but does not mention that they would be blocked at a date.
https://learn.microsoft.com/sv-se/azure/iot-hub/iot-hub-tls-support
Swedish text:
Följande chiffersviter är för närvarande tillåtna i IoT Hub. Dessa chiffersviter rekommenderas dock inte längre av Azures säkerhetsriktlinjer. Dessa chiffersviter fungerar med TLS-versionerna 1.0, 1.1 och 1.2.
Translated to English using Copilot:
The following cipher suites are currently permitted in IoT Hub. However, these cipher suites are no longer recommended according to Azure's security guidelines. They are compatible with TLS versions 1.0, 1.1, and 1.2.
Azure IoT Hub
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 74%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
VSawhney 880 Reputation points Microsoft External Staff Moderator2025-08-12T10:58:46.25+00:00 Hello Mikael Plate,
Hey! It looks like you're trying to figure out whether TLS 1.2 with the cipher suite TLS_RSA_WITH_AES_256_GCM_SHA384 will continue to work with Azure IoT Hub after August 31, 2025, especially since you are using the Advantech WISE4060/LAN devices.
Based on the documentation, starting August 31, 2025, Azure IoT Hub will enforce the use of recommended strong cipher suites, and non-recommended (weak) cipher suites, including TLS_RSA_WITH_AES_256_GCM_SHA384, will no longer be supported. This means that after this date, your devices that rely on this specific cipher suite will not be able to establish a connection to Azure IoT Hub if minTlsVersion is set to 1.2.
To clarify your concerns about whether the cipher suites would be just "not recommended" or completely blocked: they will be entirely unsupported after August 31, 2025. Unfortunately, this indicates that you'll need to update your devices to use one of the supported cipher suites listed in the documentation.
Here are the recommended cipher suites that will be supported after that date:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Hope this helps clarify things for you!
Thank you!
Sign in to comment
Sign in to answer