I have for App Services and each one has TLS 1.0 and 1.1 enabled. I want to make sure nothing less than 1.2 is allowed. I am in a multi-tenant environment. I saw some articles talking about changing the configuration in JSON but I don't see a configuration setting or a way to save changes, however, others have said it does not work in multitenant so how do I disable these weak ciphers?
For Azure App Service, the default minimum is TLS 1.2. You can set minimum TLS in the portal via Configuration blade -- Minimum inbound TLS version. If you have this set to 1.2 and attempt to connect to your site using TLS 1.0 or 1.1 it should be rejected. Are you seeing something different?
Thank you, I found it under configuration and general settings for the apps. They were all set to 1.2 so I don't know why the vulnerability scanner is reporting the weak ciphers but this is what I was looking for.
Open the Azure Portal and go to API Management. Choose the API you wish to edit. Under Security, select Protocols + ciphers. Under Client protocol, check the box for each insecure version (SSLv3, TLS 1.1, and TLS 1.0), then select Disable.
Navigate to your storage account in the Azure portal. Under Settings, select Configuration. Under Minimum TLS version, use the drop-down to select the minimum version of TLS required to access data in this storage account.
Open the Tools menu (click on the tools icon or type Alt - x) and select Internet options. Select the Advanced tab. Scroll down to the bottom of the Settings section. If TLS is not enabled, select the checkboxes next to Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2.
Click the Tools icon (gear symbol) in the upper right hand corner of the browser and click Internet Options. In the Internet Options window, select the Advanced tab. In the Advanced tab, under Settings, scroll down to the Security section. In the Security section, check Use TLS 1.1 and Use TLS 1.2.
These disable SSL 3.0, TLS 1.0, and RC4 protocols. Because this situation applies to SChannel, it affects all the SSL/TLS connections to and from the server. You must restart the computer after you change these values.
Now click the Change link under the Cipher column. Then, choose a policy that supports TLS 1.1 or higher in the Predefined Security Policies window. We have to make sure that TLS 1.0 and TLS 1.1 options are unchecked. Finally, confirm the new changes by clicking Save.
Introduction: My name is Saturnina Altenwerth DVM, I am a witty, perfect, combative, beautiful, determined, fancy, determined person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.