Jul 02 2017 11:42 AM
Hello ,
I've installed SSL certiifcate on Azure WAF. After a quick test on ssllabs, we've got a grade of B.
Main cause : Server supports weak Diffie-Hellman(DH) key exchange parameters.
After scrolling through the report, in the cipher suites section (TLS1.2), there are certain weak suites that have been pointed out as per below screenshot.Is this an issue with my SSL certificate or with the ciphers being used on the WAF?
What can be done to solve the issue?
Jul 04 2017 09:39 PM
Application Gateway supports disabling the following protocol version; TLSv1.0, TLSv1.1, and TLSv1.2.
see step 11 here
Jul 05 2017 12:03 AM
Is it best practice to disable TLS ?
Jul 05 2017 01:53 AM
there is know security risks to leave it open, so unless you have legacy devices, then yes