in ASE disable TLS 1.1
Allow for the disablement of TLS 1.1 protocols from ASE in a similar method as TLS 1.0. This would help secure systems further for ISVs building new API Apps and help with additional security concerns and compliance for PCI and others.
Allowing for the same method but adding an additional JSON in cluster settings to actually trigger the TLS 1.1 disablement would be good.
We just introduced the option to disable 1.0 and 1.1 for multi-tenant in App Service. ASE will shortly follow in a matter of weeks.
Tim Posey commented
FYI: You can disable this through PowerShell:
Select-AzureRmsubscription -SubscriptionName "my subscription name"
$gw = Get-AzureRmApplicationGateway -Name my-gateway -ResourceGroupName my-resource-group
Set-AzureRmApplicationGatewaySslPolicy -DisabledSslProtocols TLSv1_0, TLSv1_1 -ApplicationGateway $gw
$gw | Set-AzureRmApplicationGateway
Get-AzureRmApplicationGatewaySslPolicy -ApplicationGateway $gw