This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 76%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EST%3C/text%3E%3C/svg%3E)
I have for App Services and each one has TLS 1.0 and 1.1 enabled. I want to make sure nothing less than 1.2 is allowed. I am in a multi-tenant environment. I saw some articles talking about changing the configuration in JSON but I don't see a configuration setting or a way to save changes, however, others have said it does not work in multitenant so how do I disable these weak ciphers?
Hi Steve,
For Azure App Service, the default minimum is TLS 1.2. You can set minimum TLS in the portal via Configuration blade -- Minimum inbound TLS version. If you have this set to 1.2 and attempt to connect to your site using TLS 1.0 or 1.1 it should be rejected. Are you seeing something different?
-TP
Thank you, I found it under configuration and general settings for the apps. They were all set to 1.2 so I don't know why the vulnerability scanner is reporting the weak ciphers but this is what I was looking for.