Azure Application Gateway - new TLS policy without RSA key-exchange

Max Flentge 6 Reputation points

Good morning,

As you might know, RSA key-exchange is becoming less and less popular. The reason for this is the lack of Perfect Forward Secrecy.

I was wondering if Microsoft Azure would consider releasing a new TLS policy eliminating the RSA key-exchange ciphers from the cipher suite list. I know these can be customized but feel like this is something Microsoft might consider offering as a new version.

Suggestion for the updated AGW TLS Policy (changes vs AppGwSslPolicy20170401S):

  • Remove ciphers with RSA key-exchange
  • Add support for ciphers containing CHACHA20_POLY1305 bulk encryption

Thanks for considering.

Best regards,


1 answer

  1. ChaitanyaNaykodi-MSFT 23,581 Reputation points Microsoft Employee

    Hello @Max Flentge, welcome to the Microsoft Q&A forum.

    As your question is inclined towards product feature requests, it will help if you could raise this request on our product feedback portal where the community can upvote this request, and the team can implement it accordingly.

    Hope this helps! Thank you!


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
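
Added example, not part of the original thread and not Microsoft's code: the customization the question mentions can be scripted by reading the key exchange out of each suite's IANA name and keeping only the forward-secret suites for a Custom policy. The suite list is constructed sample input (not the contents of any predefined policy), and the resource group and gateway names are placeholders.

```python
import re

# TLS 1.2 and earlier: TLS_<key exchange[_auth]>_WITH_<bulk cipher>_<MAC/PRF>
_TLS12_NAME = re.compile(r"^TLS_(?P<kx>[A-Z0-9_]+?)_WITH_[A-Z0-9_]+$")
# TLS 1.3 names carry no key exchange; the handshake is always ephemeral (EC)DHE.
_TLS13_NAME = re.compile(r"^TLS_(AES|CHACHA20)_[A-Z0-9_]+$")
FORWARD_SECRET = {"ECDHE", "DHE", "TLS1.3"}

# Constructed sample input for this example.
SAMPLE = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
]


def key_exchange(suite):
    """Return 'ECDHE', 'DHE', 'RSA', 'TLS1.3' or 'UNKNOWN' for a suite name."""
    m = _TLS12_NAME.match(suite)
    if m:
        kx = m.group("kx").split("_")[0]
        return kx if kx in ("ECDHE", "DHE", "RSA") else "UNKNOWN"
    return "TLS1.3" if _TLS13_NAME.match(suite) else "UNKNOWN"


def split_policy(suites):
    """Split a cipher list into (kept, dropped), preserving order.

    Static RSA and anything unrecognised (e.g. static ECDH, PSK) is dropped.
    """
    kept = [s for s in suites if key_exchange(s) in FORWARD_SECRET]
    dropped = [s for s in suites if key_exchange(s) not in FORWARD_SECRET]
    return kept, dropped


def custom_policy_command(resource_group, gateway, suites, min_version="TLSv1_2"):
    """Build the Azure CLI argv for a Custom TLS policy (returned, not executed)."""
    kept, _ = split_policy(suites)
    if not kept:
        raise ValueError("no forward-secret cipher suites left in the list")
    return ["az", "network", "application-gateway", "ssl-policy", "set",
            "--resource-group", resource_group, "--gateway-name", gateway,
            "--policy-type", "Custom", "--min-protocol-version", min_version,
            "--cipher-suites", *kept]


if __name__ == "__main__":
    # "example-rg" and "example-appgw" are placeholder names.
    print(" ".join(custom_policy_command("example-rg", "example-appgw", SAMPLE)))
```

Check the resulting list against the cipher suites the gateway actually accepts for Custom policies before applying it.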