How do you disable TLS/SSL support for 3DES cipher suite on a Private end point...when the private end point NIC is on an Azure storage account?

Paul Swaray 1 Reputation point
2022-09-07T13:49:13.473+00:00

I have a private end point (xxxxxxxxx-pe)...NIC on Azure storage account yyyyyyyyyyy. And I need to Disable TLS/SSL support for 3DES cipher suite...on this server or Private end point. How do you disable TLS/SSL support for 3DES cipher suite on a Private end point...when the private end point NIC is on an Azure storage account?

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,715 questions
Azure Private Link
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
469 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sumarigo-MSFT 43,801 Reputation points Microsoft Employee
    2022-09-09T06:51:01.783+00:00

    @Paul Swaray Welcome to Microsoft Q&A Forum, Thank you for posting your query here!

    You can disable TLS 1.0 and 1.1 on the storage account. That will apply to connections over the private endpoint as well.

    This article explains the supported registry setting information for the Windows implementation of the Transport Layer Security (TLS) protocol

    How to disable protocols

    Please let us know if you have any further queries. I’m happy to assist you further.

    ----------

    Please do not forget to 239055-screenshot-2021-12-10-121802.png and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments
  2. Sumarigo-MSFT 43,801 Reputation points Microsoft Employee
    2022-09-09T06:51:01.967+00:00

    @Paul Swaray Welcome to Microsoft Q&A Forum, Thank you for posting your query here!

    You can disable TLS 1.0 and 1.1 on the storage account. That will apply to connections over the private endpoint as well.

    This article explains the supported registry setting information for the Windows implementation of the Transport Layer Security (TLS) protocol

    How to disable protocols

    Please let us know if you have any further queries. I’m happy to assist you further.

    ----------

    Please do not forget to 239055-screenshot-2021-12-10-121802.png and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments
  3. Tyler Gerber 0 Reputation points
    2024-02-22T23:12:03.0133333+00:00

    As listed on https://learn.microsoft.com/en-us/azure/storage/common/transport-layer-security-configure-minimum-version?tabs=portal

    "The cipher suite used when clients send data to and receive data from a storage account is dependent on the TLS version used. It is not possible to configure a storage account to block the use of specific ciphers, other than by requiring a minimum TLS version. If you require the ability to allow only specific cipher suites when connecting to your storage account, consider using Azure Application Gateway. For more information about using Application Gateway for this purpose, see Configure TLS policy versions and cipher suites on Azure Application Gateway."

    0 comments