Verizon premium CDN TLS cipher suites

Question

Hi there,

We use Verizon Premium SKU Azure CDN. We have a few questions about TLS configuration on the CDN. Note that we're using custom domains with custom TLS certs there.

1. Can we anyhow configure the list of supported cipher suites?
2. Do we know how the server (CDN POP) picks a cipher suites among the ones that client suggested during the handshake? What's the priority?
3. Is the priority configurable? If so, how?

Thank you!

Answer 1

@Heorhii Teriaiev

Thank you for reaching out.

Based on your questions above.

Can we anyhow configure the list of supported cipher suites?

Configuring the list of supported ciphers is currently not possible. I went through similar issues internally and I think it will be helpful if you could create a support ticket for this request as the support engineer can engage Verizon and they can let us know if this is something which can be configured by them in the backend.

Do we know how the server (CDN POP) picks a cipher suites among the ones that client suggested during the handshake? What's the priority? Is the priority configurable? If so, how?

Usually, the ordering of the cipher suites listed in server determines the priority order during TLS negotiation. But I think this is something which can be confirmed by the Verizon engineers as well as the configuration of the priority.

If you have a support plan you may file a support ticket, else could you please send an email to azcommunity@microsoft.com with the below details. I will enable a one-time free support request for you in this case.

Subject : Attn Chaitanya

Thread URL: Link to this thread.

Subscription ID

Please let me know once you have done the same.

---

​​Please "Accept the answer" if the information helped you. This will help us and others in the community as well.