We welcome user feedback and feature requests!

Provide more secure TLS ciphers

Currently Chrome flags the CBC ciphers as obsolete. CBC ciphers are at the top of the cipher preference list of Azure Web Apps as you can see there: https://www.ssllabs.com/ssltest/analyze.html?d=test.azurewebsites.net
More info: https://www.chromium.org/Home/chromium-security/education/tls#TOC-Cipher-Suites


So please provide some more secure ciphers from the ECDHE cipher suite like TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256.

58 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Radoslav Gatev shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    6 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        Only cipher suites using SHA1 here have an issue - not CBC which is something different

      • JN commented  ·   ·  Flag as inappropriate

        Hi Azure team,
        I am planning to develop a web system on Azure Web apps.
        However, we need the following cipher suites for our system using SSL connection.

        • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

        We currently cannot create web system using the Web apps on App service if Azure team do not update cipher suites.
        Please update it as soon as possible and let me know the latest information. about updates

      • JN commented  ·   ·  Flag as inappropriate

        Hi Azure team,
        I am planning to develop a web system on Azure Web apps.
        However, we need the following cipher suites for our system using SSL connection.

        • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

        We currently cannot create web system using the Web apps on App service if Azure team do not update cipher suites.
        Please update it as soon as possible.

      • JN commented  ·   ·  Flag as inappropriate

        Hi Azure team,
        I am system engineer. Our customer also need the following cipher suites.

        • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256


        We currently cannot create web system using the Web apps on App service if Azure team do not update cipher suites.
        Please update it as soon as possible.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Chrome is obviously a leading browser. Its really important for Azure Web Apps to support Chrome in the highest possible manner.

      • RolfJ commented  ·   ·  Flag as inappropriate

        SSLLabs and others have determined TLS_RSA_WITH_3DES_EDE_CBC_SHA to be weak. Please disable (also from non-ASE)

      Feedback and Knowledge Base