LUCKY13 attack on Azure Front Door with TLS 1.2

Rasmus Larsen 25 Reputation points

Hi there,

We currently have a solution that utilizes the Front Door setup with a custom domain and an AFD managed certificate. It has been configured to meet the minimum requirement of TLS 1.2.

However, during a pen-test phase, it was discovered that the cipher suites used include CBC, which is outdated and susceptible to the LUCKY13 attack. Here is a reference link to the attack:

And here is the cipher suite documented for Front-Door:

We would like to know if there is a way to disable these ciphers, and if not we are interested in any online documentation that describes how Microsoft prevents LUCKY13 attacks against Front Door.

Thank you.

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
454 questions
{count} vote

Accepted answer
  1. ChaitanyaNaykodi-MSFT 15,961 Reputation points Microsoft Employee

    @Rasmus Larsen

    Thank you for your patience here. I got a response back from the team.

    Currently disabling specific ciphers is not supported for Azure Front Door. The team is working on this feature, and it will be rolled out soon.

    The suggested work around in this case is to configure the client to not use the weak ciphers. Thank you!

    Hope this helps!

    ​​Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

0 additional answers

Sort by: Most helpful