![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 31%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGI%3C/text%3E%3C/svg%3E)
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
3,192 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 45%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESA%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 25%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Hey, seeing TLS 1.0/1.1 and 3-DES in a sslscan report on a storage account is not a vulnerability.
Even if the TLS handshake "succeeds", Azure blocks everything at the application layer if you have set the Minimum TLS Version to 1.2 (as you already have). Clients trying TLS 1.0/1.1 get an HTTP 400 right away on the first request.
Most scanners stop at the handshake and don't interpret the HTTP response, so they report "TLS 1.0 support" even though it's not actually usable.
If you want to prove it to an auditor:
curl --tls-max 1.0 https://<account>.blob.core.windows.net/ -v
--Response: HTTP 400 - TLS version not permitted
It's just an "optical trick" of the scanning tools. Your storage is compliant.