Hi [@Celso Teixeira ] thanks for the question.
you can use a simple API call to disable weaker cipher suites. This Azure blog post shows how to Disabling Week TLS weak Ciphers. Here is the same infomation below:
Minimum TLS cipher suite is a property that resides in the site’s config and customers can make changes to disable weaker cipher suites by updating the site config through API calls. The minimum TLS cipher suite feature is currently not yet supported on the Azure Portal.
Here is an example on how to select a minimum TLS cipher suite in order to disable weaker cipher suites.
Let’s say, based from the list of supported TLS cipher suites, we would like to disable all the cipher suites that are weaker than TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
. In order to do this, we can call the Update Config API to set the property minTlsCipherSuite
to TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
. Refer to the sample API call below.
Take note that the API parameter for minTlsCipherSuite is case sensitive.
PATCH https://management.azure.com/subscriptions/<subscriptionId>/resourceGroups/<resourceGroup>/providers/Microsoft.Web/sites/<siteName>/config/web?api-version=2022-03-01
{ "properties": { "minTlsCipherSuite": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" } }
After successfully updating the site config, we will see the value of the property minTlsCipherSuite
change to the selected cipher suite, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
from the example above.
We will also see the value of the property supportedTlsCipherSuites
show a list of all the cipher suites that are enabled for the web app. In this case, the cipher suites that are weaker than the selected minimum cipher suite, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
, will not show up in the supportedTlsCipherSuites
property because they have been disabled for the web app.
Hope that helps. Please let us know if you have further questions.
Thanks,
Grace
If the reply is helpful, please Upvote and Accept as answer