Commit 0f910d9

Update end-to-end-tls.md
removed legacy ciphers and added points to TLS policy for std/prm.
1 parent d388635 commit 0f910d9

1 file changed

+4
-2
lines changed

articles/frontdoor/end-to-end-tls.md

Lines changed: 4 additions & 2 deletions
@@ -33,9 +33,11 @@ Azure Front Door offloads the TLS sessions at the edge and decrypts client reque
3333
Azure Front Door supports two versions of the TLS protocol: TLS versions 1.2 and 1.3. All Azure Front Door profiles created after September 2019 use TLS 1.2 as the default minimum with TLS 1.3 enabled. Currently, Azure Front Door doesn't support client/mutual authentication (mTLS).
3434

3535
> [!IMPORTANT]
36-
> As of March 1, 2025, TLS 1.0 and 1.1 are not allowed on new Azure Front Door profiles. If you didn't disable TLS 1.0 and 1.1 on legacy settings before this date, they'll still work temporarily but will be updated to TLS 1.2 in the future.
36+
> As of March 1, 2025, TLS 1.0 and 1.1 are not allowed on new Azure Front Door profiles.
3737
38-
You can configure the minimum TLS version in Azure Front Door in the custom domain HTTPS settings using the Azure portal or the [Azure REST API](/rest/api/frontdoorservice/frontdoor/frontdoors/createorupdate#minimumtlsversion). For a minimum TLS version 1.2, the negotiation will attempt to establish TLS 1.3 and then TLS 1.2. When Azure Front Door initiates TLS traffic to the origin, it will attempt to negotiate the best TLS version that the origin can reliably and consistently accept. Supported TLS versions for origin connections are TLS 1.2 and TLS 1.3.
38+
For Azure Front Door Standard and Premium, you can configure predefined TLS policy or choose the TLS cipher suite based on your organazation's security needs. You can refer to [Azure Front Door TLS policy](https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/tls-policy) and [configure TLS policy on a Front oor custom domain] (https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/tls-policy-configure).
39+
40+
For Azure Front Door classic and Microsoft CDN classic, you can configure the minimum TLS version in Azure Front Door in the custom domain HTTPS settings using the Azure portal or the [Azure REST API](/rest/api/frontdoorservice/frontdoor/frontdoors/createorupdate#minimumtlsversion). For a minimum TLS version 1.2, the negotiation will attempt to establish TLS 1.3 and then TLS 1.2. When Azure Front Door initiates TLS traffic to the origin, it will attempt to negotiate the best TLS version that the origin can reliably and consistently accept. Supported TLS versions for origin connections are TLS 1.2 and TLS 1.3. If you want to custom the cipher suite per needs, please [migrate Front Door classic]([https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/tls-policy-configure](https://learn.microsoft.com/en-us/azure/frontdoor/tier-migration) and [Microsoft CDN classic](https://learn.microsoft.com/en-us/azure/cdn/tier-migration?toc=%2Fazure%2Ffrontdoor%2FTOC.json) to Azure Front Door standard and premium.
3941

4042
> [!NOTE]
4143
> - Clients with TLS 1.3 enabled are required to support one of the Microsoft SDL compliant EC Curves, including Secp384r1, Secp256r1, and Secp521, in order to successfully make requests with Azure Front Door using TLS 1.3.
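Review bot: Both added paragraphs (new lines 38 and 40) contain Markdown links that will not render. On line 38, `[configure TLS policy on a Front oor custom domain] (https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/tls-policy-configure)` has a space between `]` and `(`, so it shows as literal text. On line 40, the `[migrate Front Door classic](` link opens its target with a second bracketed link to the tls-policy-configure URL before the tier-migration URL, leaving the brackets and parentheses unbalanced; it should be a single link whose target is the tier-migration page. While fixing those, please correct "organazation's", "Front oor" and "custom the cipher suite" (customize), and consider site-relative links without the `en-us` locale, matching the existing `/rest/api/frontdoorservice/...` link on the same line. Separately, the shortened IMPORTANT note drops the sentence about profiles that still had TLS 1.0 and 1.1 enabled on legacy settings, so the page no longer says what happens to them; if that is intentional because the transition is complete, state the current behaviour rather than leaving it unspecified. The classic paragraph also now covers Microsoft CDN classic, but it still says the setting is configured "in Azure Front Door" and links only the Front Door REST API, so confirm that wording applies to CDN classic or point to its own configuration reference.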
