question

AndyGrning-1763 avatar image
0 Votes"
AndyGrning-1763 asked MughundhanRaveendran-MSFT rolled back

Azure Functions disable Secure Client Initiated Renegotiation

Hi there,

we ran a penetration test on a mobile app that makes requests to azure functions.
The pen test states that it allows "Secure Client Initiated Renegotiation", which is a security issue.

Is there a way to disable it on an azure app?
I cant find any documentation on this topic.

Thanks in advance for any help!

azure-functions
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@AndyGrning-1763 , I am checking this internally. I will get back to you once I have an update. Thanks

0 Votes 0 ·

1 Answer

MughundhanRaveendran-MSFT avatar image
0 Votes"
MughundhanRaveendran-MSFT answered MughundhanRaveendran-MSFT commented

@AndyGrning-1763 ,

Thanks for posting your query in Q&A.

I had a discussion internally with the Functions team. Actually, the Secure Client-Initiated Renegotiation has to be disabled from the backend (at the Functions platform level). It will be disabled and released worldwide by the end of May (tentatively) if everything goes well. Please note that, this is applicable only to Http triggered function.

I hope this helps!

Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@AndyGrning-1763 ,
Following up to see if the above answer helps. Do let me know if you have any queries.

Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.

0 Votes 0 ·