What are cipher suites, forward secrecy? | Steps to limit cipher suites on Azure

Background

Your security team performed a security scan and found vulnerabilities on cipher suites on your site and requested you resolve them.

Client browser communicates with your server through HTTPS encruption and SSL/TLS encryption and your server will support a range of encryption methods (cipher suites). Ciphers are algorithms, more specifically they’re a set of steps for performing a cryptographic function. Some cipher suites are more secure than others. You can read here to find out more on cipher suites here — https://www.thesslstore.com/blog/cipher-suites-algorithms-security-settings/

First step is to be able to find out the list of available cipher suites independently . If your site is reachable from the internet, you can check its the security using free scan website — https://www.ssllabs.com/

By default, the security of Azure App Service is considerably good
Default list of cipher suites

If you are using App Service, bad news, there is no way to further limit the cipher suites. You will need setup an Application Gateway infront of an App Service to allow customization.

At your Application Gateway panel, go to the Listeners panel highlighted as in the screenshot:

Click on “Listeners” on the left menu
Click on Custom (changed)
Exclude those in red. You can include The ciphers in green.

Click on “Save”. Perform the scan again and you should see a reduced list.

The remaining list after customization

Security is important it usually break in the weakest link/layer and this should be part of the DevSecOps to scan your application regularly. Today’s strong cipher will become weak tomorrow. And a strong developer needs to be well-informed in every aspect of the application.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Louis.Z

A passionate software engineer with strong background in web technology, product development and design architecture.