stackoom
  简体   繁体   中英

Aure APP SSL Complaint

 原文  2017-04-01 00:17:03       azure-app-service-envrmnt/ azure-app-api

Question

Recently we had a security scan for our one of the azure app and found that this was not security complaint . TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher is weak and it should not be supported

could you please let me know if there is any way to solve this . have already left a feedback for this in azure portal

1 answers

solution1
 0  2017-07-11 09:32:28

The 3DES cipher suites were removed 2 months ago. If you run your report now, it will no longer be flagged.

Here is a report for one of my sites hosted on Azure Web Apps: SSL Labs test

Do note the deadline for PCI DSS 3.1 has been postponed until June 30th 2018 .

You can also use App Service Environment. Here you can alter the cipher suite order and even disable TLS if needed. See this": Change TLS cipher suite order

Below is a screenshot of the current list of supported cipher suites: Azure Web Apps中受支持的密码套件(2017年7月)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question SSL for redirected domain to Azure app service SSL/TLS connections not working when deployed as Azure App Service Azure - Connecting multiple app service containers with custom domain and ssl How to Remove Azure ILB ASE SSL Certificate Azure App Service Usage Azure App Service Facebook Azur web app in a VNet Azure App service with App service plan using ARM template Azure App Service : Multi container app with three containers (How to handle) Provision App Service Environment with Terraform
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM