Azure App Service - Disable Weak ciphers


Hi Team,

 

We have an application deployed to Azure App Service. Our IT security team has detected that weak ciphers are enabled during secure communication (SSL).

The recommended approach is to allow only strong ciphers to protect secure communication. On-prem, we can update the registry; however, I would like to know the best practices for Azure App Service.

 

---------------------------------

List of Supported Weak Ciphers
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C)
TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
TLS_RSA_WITH_AES_128_CBC_SHA (0x002F)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013)

0 Replies
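
To show why a scanner groups the eight suites in the post together, this added example (not part of the original post and not Azure tooling) splits each reported name into key exchange, cipher mode and MAC and records the properties that get it flagged. The function names and the flagging rules are assumptions of this example; scanner policies differ.

```python
import re

# Suite lines as listed in the post above: "NAME (0xCODE)".
REPORTED = """\
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C)
TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
TLS_RSA_WITH_AES_128_CBC_SHA (0x002F)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013)
"""

LINE_RE = re.compile(r"^(TLS_\w+)\s+\((0x[0-9A-Fa-f]{4})\)$")
MODES = ("CBC", "GCM", "CCM", "POLY1305")
AEAD_MODES = ("GCM", "CCM", "POLY1305")


def parse_suite(line):
    """Decompose one TLS 1.2 suite line and list why a scanner may flag it."""
    m = LINE_RE.match(line.strip())
    if not m or "_WITH_" not in m.group(1):
        raise ValueError(f"not a TLS 1.2 suite line: {line!r}")
    name, code = m.group(1), int(m.group(2), 16)
    kx_auth, cipher = name[len("TLS_"):].split("_WITH_", 1)
    parts = cipher.split("_")
    kx = kx_auth.split("_")[0]  # RSA, ECDHE, DHE, ...
    mode = next((p for p in parts if p in MODES), None)
    reasons = []  # assumed flagging rules, not any scanner's actual policy
    if kx not in ("ECDHE", "DHE"):
        reasons.append("no forward secrecy (static key exchange)")
    if mode not in AEAD_MODES:
        reasons.append("non-AEAD cipher mode")
    if parts[-1] == "SHA":
        reasons.append("HMAC-SHA1 record MAC")
    return {"name": name, "code": code, "kx": kx, "mode": mode,
            "forward_secrecy": kx in ("ECDHE", "DHE"), "reasons": reasons}


def classify(text):
    """Parse every non-empty line of a scanner-style suite listing."""
    return [parse_suite(l) for l in text.splitlines() if l.strip()]


if __name__ == "__main__":
    for s in classify(REPORTED):
        print(f"0x{s['code']:04X} {s['name']}: {'; '.join(s['reasons'])}")
```

All eight suites share the CBC mode; the four `TLS_RSA_*` entries additionally lack forward secrecy, which is the split a remediation plan would usually prioritise.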