Set 'minimum tls inbound cipher suite' using powershell

WinTechie 286 Reputation points
2023-09-06T13:26:55.47+00:00

Hi,

I am looking for the property which lets me set minimum tls inbound cipher suite for the azure app service using powershell.

I have been looking for it in the "set-azwebapp" but I could only find '-mintlsversion'

however there is an API based solution available to set this setting like below,

https://azure.github.io/AppService/2022/10/11/Public-preview-min-tls-cipher-suite.html

But I am specifically looking for powershell way of doing it.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,766 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Grmacjon-MSFT 17,876 Reputation points
    2023-09-07T05:35:05.93+00:00

    Hi @WinTechie you can try this command:

    New-AzWebAppSSLBinding -ResourceGroupName <resource-group-name> -WebAppName <app-service-name> -Name <ssl-binding-name> -MinProtocolVersion <min-tls-version> -MinCipherSuite <min-cipher-suite>
    

    You can also set minimum tls inbound cipher suite for the azure app in the Azure portal:

    You can find this feature in your resource overview page under “Configuration” > “General settings” > “Min TLS Cipher Suite (preview)”. Click on “change” to configure your minimum TLS cipher suite. 

    Best,

    -Grace


  2. TP 94,811 Reputation points
    2023-09-07T08:01:32.9533333+00:00

    @WinTechie Give below code a try--it's what I've been testing with:

    $webapp = Get-AzResource -Name mywebapp -ResourceGroupName myresourcegroup -ResourceType Microsoft.Web/sites
    $webapp.Properties.siteConfig.minTlsCipherSuite = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
    $webapp|Set-AzResource -Force
    

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.