cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure Web Application Gateway (WAF) Cipher Suites

N V
Copper Contributor

‎Jul 02 2017 11:42 AM

‎Jul 02 2017 11:42 AM

Azure Web Application Gateway (WAF) Cipher Suites

Hello ,

I've installed SSL certiifcate on Azure WAF. After a quick test on ssllabs, we've got a grade of B.

Main cause : Server supports weak Diffie-Hellman(DH) key exchange parameters.

 

After scrolling through the report, in the cipher suites section (TLS1.2), there are certain weak suites that have been pointed out as per below screenshot.ssllabs.PNGIs this an issue  with my SSL certificate or with the ciphers being used on the WAF?

What can be done to solve the issue?

 

 

Labels:
6,113 Views
1 Like
3 Replies
Reply
3 Replies
Kent Gaardmand

‎Jul 04 2017 09:39 PM

‎Jul 04 2017 09:39 PM

Re: Azure Web Application Gateway (WAF) Cipher Suites

Application Gateway supports disabling the following protocol version; TLSv1.0TLSv1.1, and TLSv1.2.

 

see step 11 here

0 Likes
Reply
N V

‎Jul 05 2017 12:03 AM

‎Jul 05 2017 12:03 AM

Re: Azure Web Application Gateway (WAF) Cipher Suites

Is it best practice to disable TLS ?

0 Likes
Reply
Kent Gaardmand

‎Jul 05 2017 01:53 AM

‎Jul 05 2017 01:53 AM

Re: Azure Web Application Gateway (WAF) Cipher Suites

there is know security risks to leave it open, so unless you have legacy devices, then yes

0 Likes
Reply