Disable Weak TLS Ciphers on Azure App Service

Madaan (Wipro), Sanket 26 Reputation points
2022-11-16T18:41:49.9+00:00

By following this article:
https://azure.github.io/AppService/2022/10/11/Public-preview-min-tls-cipher-suite.html

I have made the changes to set minTlsCipherSuite to "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256".
But after checking with nmap, we can still see all other ciphers. I have attached the screenshot on Nmap. [Attachment: 261048-screenshot-2022-11-17-000736.png]

Did I do something wrong, or does what is written in the article not work?


Accepted answer
  1. brtrach-MSFT 17,741 Reputation points Microsoft Employee Moderator
    2022-11-17T02:30:19.4+00:00

    @Madaan (Wipro), Sanket Thank you for your interest in configuring the cipher suites via our new feature set.

    Please note that this feature is still in public preview. Typically, within Azure, public preview means that we do not recommend using it on production services as there still might be items to be enhanced or additional features added at a later time that could change how the public preview feature/service behaves.

    Two items to consider:

    1. Are you using a multitenant web app? Keep in mind that using an App Service Environment (ASE) is considered to be an isolated environment and the steps to disable ciphers for an ASE are different.
    2. Do you have any other Azure services in front of your web app? You had listed a few other tags with your question so we wanted to see if you might have something like an app gateway in front of your web app, which can also control the cipher suites available.

    Lastly, can you please see what is available via Azure Resource Explorer?

    1. Go to https://resources.azure.com/subscriptions/subscriptionID/resourceGroups/resourceGroupName/providers/Microsoft.Web/sites/WebAppName
    2. Update in the URL subscriptionID, resourceGroupName, and WebAppName with the respective values for your web app.
    3. Under the main page for your web app in resource explorer, you should see a field called "supportedTlsCipherSuites"
    4. This field should verify what data has been set for your web app.

    Let us know if these tips did not help resolve the issue. We would gladly assist you further if needed.

    1 person found this answer helpful.
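To make the comparison suggested in the answer repeatable, the following added example (not part of the original thread and not Microsoft's code) diffs the cipher suites an nmap `ssl-enum-ciphers` scan reports against the `supportedTlsCipherSuites` list copied from Resource Explorer. The JSON nesting, the scan excerpt and the function names are constructed for illustration; the key is looked up recursively so the exact location in the resource document is not assumed.

```python
import json
import re

# Constructed sample: trimmed JSON in the shape Resource Explorer might return.
RESOURCE_JSON = """
{"properties": {
   "siteConfig": {"minTlsCipherSuite": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
   "supportedTlsCipherSuites": [
     "TLS_AES_256_GCM_SHA384",
     "TLS_AES_128_GCM_SHA256",
     "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
     "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]}}
"""

# Constructed sample: excerpt of `nmap --script ssl-enum-ciphers -p 443 <host>` output.
NMAP_OUTPUT = """
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.3:
|     ciphers:
|       TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
"""

def find_key(node, key):
    """Depth-first search for key, so the exact nesting need not be known."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_key(child, key)
            if found is not None:
                return found
    return None

def offered_ciphers(nmap_text):
    """Suites the scanned endpoint accepted; nmap names TLS 1.3 suites TLS_AKE_WITH_*."""
    names = re.findall(r"^\|\s+(TLS_[A-Z0-9_]+)", nmap_text, re.MULTILINE)
    return {n.replace("TLS_AKE_WITH_", "TLS_") for n in names}

def unexpected_ciphers(resource_json, nmap_text):
    """Suites seen on the wire that the app's own configuration does not list."""
    supported = set(find_key(json.loads(resource_json), "supportedTlsCipherSuites") or [])
    return sorted(offered_ciphers(nmap_text) - supported)
```

A non-empty result means the scanned endpoint accepts suites the web app's configuration does not list, which is the situation to investigate with the two questions in the answer (ASE versus multitenant, and another service such as an app gateway terminating TLS in front of the app).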
