Hello $@chin
I understand you're facing an issue with Azure Front Door, particularly with the reporting of weak cipher suites during a vulnerability assessment penetration test (VAPT).
Is Azure Front Door still using weak cipher suites despite the configured policy?
Yes, Azure Front Door might still be using weak cipher suites. This can happen if:
- The client (browser or tool) connecting to Azure Front Door supports weak ciphers and negotiates to use them.
- The configuration of Azure Front Door is not fully aligned with the expected policies due to caching or propagation delays.
However, the presence of weak ciphers reported may be due to client-side configurations or specific legacy protocols, rather than the Azure Front Door configuration itself.
If yes, what are the recommended steps to fully eliminate or mitigate these ciphers?
Make sure you are using the latest version of Azure Front Door and check your backend resources to ensure they do not support weak ciphers.
Set up Azure Front Door with a custom TLS policy to explicitly disable any weak ciphers that might be set accidentally. Test the setup using external tools like SSL Labs to ensure it meets compliance standards.
Is this a limitation or expected behavior in Azure Front Door’s design?
It is expected behavior that Azure Front Door implements strong cipher suites by default when configured. Any weak ciphers reported may be due to misconfigurations or clients that fall back on weak ciphers due to compatibility reasons. However, they also offer the ability to create custom policies for enhanced security measures.
If it is expected, should this be considered a security concern for our application?
While Azure Front Door is designed to be secure with proper configuration, weak ciphers could expose your application to vulnerabilities. It's important to ensure that both Azure Front Door and your application backend are aligned in their cipher suite configurations. It is crucial to use only strong cipher suites and regularly review and update your security policies. Additionally, consider implementing security best practices such as using HSTS (HTTP Strict Transport Security) and keeping your software and dependencies up to date.
Check the public document for more understanding:
Hope the above answer helps! Please let us know if you have any further queries.
Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, as this can be beneficial to other community members.
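As an added example (not part of the answer above, and not Microsoft's or Azure Front Door's own tooling), the following Python script does the two checks the answer recommends: it triages a VAPT-style list of accepted cipher suites with a simple weak-suite heuristic, and, when given a hostname, offers each flagged suite on its own over TLS 1.2 so you can tell whether the endpoint itself accepts it or the finding comes from what the scanning client offered. The sample suite list, the heuristic rules and the partial IANA-to-OpenSSL name table are assumptions of this example.

```python
import socket, ssl, sys

# Heuristic weak-suite rules for a VAPT-style triage (this example's own, not Azure Front Door policy).
def classify_suite(name: str) -> list:
    """Reasons an IANA-named suite would be flagged; [] means acceptable."""
    n = name.upper()
    if n.startswith("TLS_AES_") or n.startswith("TLS_CHACHA20_"):
        return []  # TLS 1.3 suites: AEAD with ephemeral key exchange
    reasons = []
    if "DHE" not in n:  # neither ECDHE nor DHE key exchange
        reasons.append("no forward secrecy (non-ephemeral key exchange)")
    if "_CBC_" in n:
        reasons.append("CBC mode (not AEAD)")
    if any(tag in n for tag in ("3DES", "RC4", "NULL", "EXPORT")):
        reasons.append("legacy/broken cipher")
    return reasons

def triage(report: list) -> dict:
    """Map each flagged suite in a scanner's accepted-suite list to its reasons."""
    return {s: classify_suite(s) for s in report if classify_suite(s)}

SCAN_REPORT = [  # constructed sample of what a scanner reports as accepted by the server
    "TLS_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]
IANA_TO_OPENSSL = {  # partial name table; set_ciphers() expects OpenSSL names
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": "ECDHE-RSA-AES128-SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA": "AES256-SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": "DES-CBC3-SHA",
}

def probe_suite(host: str, openssl_cipher: str, port: int = 443, timeout: float = 5.0):
    """Offer ONLY this suite over TLS 1.2; return the negotiated suite, or None if the server refused it."""
    ctx = ssl.create_default_context()  # verifies the certificate and hostname
    ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(openssl_cipher)  # raises SSLError if the local OpenSSL lacks the suite
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher()[0]
    except ssl.SSLError:
        return None  # handshake refused: the server does not accept this suite

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else None  # endpoint hostname to probe, if any
    for suite, reasons in triage(SCAN_REPORT).items():
        line = f"{suite}: {'; '.join(reasons)}"
        if host and suite in IANA_TO_OPENSSL:
            line += f" -> negotiated: {probe_suite(host, IANA_TO_OPENSSL[suite])}"
        print(line)
```

Run it with no argument to see the triage only; pass the Front Door hostname to also report which flagged suites the server actually negotiates.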