Share via

Reset the Minimum TLS Cipher Suite on Azure Web App

Admin Richard 0 Reputation points
2023-12-18T10:44:39.4033333+00:00

Hi,

We recently implemented minTLScipher suite on our azure webapps to improve security but now need to scale some of these applications down as not in use but have hit an issue as this is not supported in lower tiers.

This value was set using powershell:

$SitesToBeUpdated = GetInstancesToUpdateSiteName -SiteName $siteName
$siteWithProps = Get-AzResource -ResourceGroupName $SitesToBeUpdated.ResourceGroupName -ResourceType "Microsoft.Web/sites/config" -Name $SitesToBeUpdated.Name -ExpandProperties
    
$SettingName1 =  'minTlsCipherSuite'
$SettingValue1 =  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

$siteWithProps.Properties.$SettingName1 = $SettingValue1
$siteWithProps | Set-AzResource -Force | Out-Null

This worked well but I am not able to reset or revert either in powershell or through the portal.

have tried setting the values to null but they do not persist

    $SettingName1 =  'minTlsCipherSuite'
    $SettingValue1 = $null #TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

    $SettingName2 =  'supportedTlsCipherSuites'
    $SettingValue2 = $null #TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

On rescale attempt I get the following message
"The target sku ('Premium0V3') does not support MinTlsCipherSuite, please reset MinTlsCipherSuite before making this change."

Raised with Mircrosoft Azure support but asking here incase anyone has any ideas on a faster resolution.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. VenkateshDodda-MSFT 25,241 Reputation points Microsoft Employee Moderator
    2023-12-19T04:42:58.0366667+00:00

    @Admin Richard Thank you for posting your question in Microsoft Q&A, apologize for any inconvenience caused on this.

    Based on the shared information, it looks like you are trying to pass Setting Value as $null which is not accepted instead can you try resetting the cipher suite value to this TLS_RSA_WITH_AES_128_CBC_SHA which is the least cipher suite as mentioned in this blog post.

    Post changing the cipher suite to above suggested I would suggest you to retry the scaling up your app service plan.

    Also, if you are facing the issues in changing/resetting the cipher suites of app service through PowerShell or through cmdlets. I would suggest you change the Cipher suite using the portal under the configuration --> General Settings as shown below.

    User's image

    Feel free to reach back to me if you have any questions on this.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.