How can confirm my Azure Web App is using TLS v1.2?

Question

I've seen this article: How do I disable SSL fallback and use only TLS for outbound connections in .NET? (Poodle mitigation)

With Azure web apps I didn't know if the IIS sites were already set up to deny earlier versions of TLS/SSL. Or should i implement a code fix like the article recommends.

To clarify further, with azure web sites i can't set registry keys the way I can with on-prem or IaaS IIS server. I can try to use the ServicePointManager in .NET. But I can't for my SPA that is built in non-.NET. So if sites in Azure were configurable somehow, that would be ideal. Or if I can do something with web.config that would work. But I wanted to first see if Azure locks this down for me somehow. — Bryan, Nov 02 '16 at 02:58

score 1 · Answer 1 · answered Nov 02 '16 at 01:33

I suggest that you test your app with https://www.ssllabs.com/ssltest/ or similar. There are a number of other tools (including commandline clients, although I've only used them on Linux) but the SSLLabs test is solid and useful IMO.

That should give you insight into what you may need to tweak to make it as secure as possible.

Note: I'm a Linux guy and know next to nothing about Azure, but unless I'm missing something this seems like a pretty generic question.

Thanks, Jeremy. See my comment above. Trying to ask this specific to Azure. — Bryan, Nov 02 '16 at 02:59

score 1 · Answer 2 · answered May 03 '17 at 04:12

1

Each Azure Web app having default certificate you can see this certificate and it uses TLS 1.2 security certificate.' In firfox left side of URL on browser you can click on Lock symbol to see certificate. path(Click Lock icon-->click More Information ---Click Certificate) you will see Algo and Certificate details. Default certificate is secure for internal use in company

answered May 03 '17 at 04:12

Megha

41
1
5

This is the answer to question – Megha Mar 06 '18 at 09:37

score 0 · Accepted Answer · edited May 23 '17 at 12:02

0

As I know, Azure WebApp doesn’t support it at currently. From my experience, since we don’t have enough access to configure anything in the registry in the WebApp. We can use startup task to change registry settings, if it is CloudService. I also find some materials in the SO, more details please refer to thread.

edited May 23 '17 at 12:02

Community

1
1

answered Nov 02 '16 at 09:47

Tom Sun - MSFT

24,161
3
30
47

I made a test that showed SSL3 didn’t work but TLS 1.0 and higher did work. HttpWebRequest request = WebRequest.Create("https://www.myurl.com/") as HttpWebRequest; //SecurityProtocolType.Ssl3; // doesn't work //SecurityProtocolType.Tls; //works //SecurityProtocolType.Tls11; //works ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; //works var response = request.GetResponse(); I used Fiddler to confirm the version as getting sent as expected. – Bryan Nov 03 '16 at 17:29

How can confirm my Azure Web App is using TLS v1.2?

3 Answers3