Hello Aidin Azimi,
Currently, Azure Front Door does not provide a built-in feature to manually limit the cipher suites. However, you can achieve this by using Azure Application Gateway in combination with Azure Front Door.
Here's an approach you can follow:
Set up Azure Application Gateway: Deploy an Azure Application Gateway in front of your Azure Front Door. Azure Application Gateway provides more granular control over the cipher suites and TLS settings.
Configure Cipher Suites on Azure Application Gateway: Configure the cipher suites on the Azure Application Gateway to include only the desired ones, excluding TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384. You can use the PowerShell or Azure CLI to configure the Application Gateway with the desired cipher suites.
Route Traffic to Azure Front Door: Configure the Azure Application Gateway to route the traffic to your Azure Front Door backend. This way, all incoming requests will pass through the Application Gateway before reaching Azure Front Door.
By using this setup, you can have more control over the cipher suites and TLS settings by configuring them on the Azure Application Gateway. This gives you the flexibility to limit the cipher suites based on your specific security requirements.
Alternatively, if you are looking for CDN options in Azure, you can consider using Azure CDN. Azure CDN also provides features like TLS termination and allows you to configure the supported cipher suites. You can configure Azure CDN to front your static website and apply the desired cipher suite settings.
Please note that both Azure Application Gateway and Azure CDN have their own pricing and considerations. Evaluate and choose the option that best fits your requirements and budget.
I hope this information helps you in achieving your desired cipher suite configuration for Azure Front Door. If you have any further questions, feel free to ask!