What are cipher suites, forward secrecy? | Steps to limit cipher suites on Azure
Your security team performed a security scan and found vulnerabilities on cipher suites on your site and requested you resolve them.
What does it mean?
Client browser communicates with your server through HTTPS encruption and SSL/TLS encryption and your server will support a range of encryption methods (cipher suites). Ciphers are algorithms, more specifically they’re a set of steps for performing a cryptographic function. Some cipher suites are more secure than others. You can read here to find out more on cipher suites here — https://www.thesslstore.com/blog/cipher-suites-algorithms-security-settings/
First step is to be able to find out the list of available cipher suites independently . If your site is reachable from the internet, you can check its the security using free scan website — https://www.ssllabs.com/
If you are using App Service, bad news, there is no way to further limit the cipher suites. You will need setup an Application Gateway infront of an App Service to allow customization.
Steps to limit the cipher suites on Azure Gateway
At your Application Gateway panel, go to the Listeners panel highlighted as in the screenshot:
Click on “Save”. Perform the scan again and you should see a reduced list.
Security is important it usually break in the weakest link/layer and this should be part of the DevSecOps to scan your application regularly. Today’s strong cipher will become weak tomorrow. And a strong developer needs to be well-informed in every aspect of the application.