Is there any plan to move away from CBC based ciphers within TLS cipher suites in Azure Bastion?

Sas P 0 Reputation points
2024-01-26T15:38:36.42+00:00

We have had a report from a security pen test vendor stating that weak CBC based ciphers are still in use by the Azure Bastion service and ideally these should be disabled. Viable alternatives include AES-GCM and ChaCha20-Poly1305 suites. I read in a Microsoft article that in future the customer will be able to configure the minimum TLS Cipher suite to be used on the Azure service. https://techcommunity.microsoft.com/t5/apps-on-azure-blog/min-tls-cipher-suite-preview-now-available-on-azure-portal-and/ba-p/3804134 Is Azure Bastion on any roadmap to have the same configurable setting? Or is there any plan to disable the future use of these ciphers in relation to Azure Bastion? Thank you

Azure Bastion
Azure Bastion
An Azure service that provides private and fully managed Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to virtual machines.
264 questions
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.