Categories
Azure Security

Azure Front Door configuring  SSL/TLS cipher 

After a recent penetration test on an Azure website, I received a report stating that I need to disable CBC ciphers in my TLS configuration. I was able to reproduce the issue.

https://www.ssllabs.com/ssltest/analyze.html (2024-04-25)

However, I found that on Azure Front Door Standard and Azure Front Door Premium, it’s not possible to configure the cipher order or the selection of ciphers. All of this is fully managed by Microsoft.

I can’t present any clever solution here. This is just a record of the state in April 2024.

Azure Front Door doesn’t support disabling or configuring specific cipher suites for your profile.

https://learn.microsoft.com/en-us/azure/frontdoor/end-to-end-tls?pivots=front-door-standard-premium (2024-04-25)

https://learn.microsoft.com/en-us/azure/frontdoor/end-to-end-tls?pivots=front-door-standard-premium (2024-04-25)

Source: End-to-end TLS with Azure Front Door