Merge pull request #108325 from TimShererWithAquent/us1679050j

Change SSL to TLS per 1679050

Author: shawnmariejones

articles/application-gateway/application-gateway-ssl-policy-overview.md

@@ -1,6 +1,6 @@
 ---
-title: SSL policy overview for Azure Application Gateway
-description: Learn how to configure SSL policy for Azure Application Gateway and reduce encryption and decryption overhead from a back-end server farm.
+title: TLS policy overview for Azure Application Gateway
+description: Learn how to configure TLS policy for Azure Application Gateway and reduce encryption and decryption overhead from a back-end server farm.
 services: application gateway
 author: amsriva
 ms.service: application-gateway
@@ -9,15 +9,15 @@ ms.date: 11/16/2019
 ms.author: amsriva
 ---
 
-# Application Gateway SSL policy overview
+# Application Gateway TLS policy overview
 
-You can use Azure Application Gateway to centralize SSL certificate management and reduce encryption and decryption overhead from a back-end server farm. This centralized SSL handling also lets you specify a central SSL policy that's suited to your organizational security requirements. This helps you meet compliance requirements as well as security guidelines and recommended practices.
+You can use Azure Application Gateway to centralize TLS/SSL certificate management and reduce encryption and decryption overhead from a back-end server farm. This centralized TLS handling also lets you specify a central TLS policy that's suited to your organizational security requirements. This helps you meet compliance requirements as well as security guidelines and recommended practices.
 
-The SSL policy includes control of the SSL protocol version as well as the cipher suites and the order in which ciphers are used during an SSL handshake. Application Gateway offers two mechanisms for controlling SSL policy. You can use either  a predefined policy or a custom policy.
+The TLS policy includes control of the TLS protocol version as well as the cipher suites and the order in which ciphers are used during a TLS handshake. Application Gateway offers two mechanisms for controlling TLS policy. You can use either  a predefined policy or a custom policy.
 
-## Predefined SSL policy
+## Predefined TLS policy
 
-Application Gateway has three predefined security policies. You can configure your gateway with any of these policies to get the appropriate level of security. The policy names are annotated by the year and month in which they were configured. Each policy offers different SSL protocol versions and cipher suites. We recommend that you use the newest SSL policies to ensure the best SSL security.
+Application Gateway has three predefined security policies. You can configure your gateway with any of these policies to get the appropriate level of security. The policy names are annotated by the year and month in which they were configured. Each policy offers different TLS protocol versions and cipher suites. We recommend that you use the newest TLS policies to ensure the best TLS security.
 
 ### AppGwSslPolicy20150501
 
@@ -46,19 +46,19 @@ Application Gateway has three predefined security policies. You can configure yo
 |Default| False |
 |CipherSuites     |TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 <br>    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 <br>    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA <br>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA <br>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256<br>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384<br>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384<br>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256<br>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA<br>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA<br>TLS_RSA_WITH_AES_256_GCM_SHA384<br>TLS_RSA_WITH_AES_128_GCM_SHA256<br>TLS_RSA_WITH_AES_256_CBC_SHA256<br>TLS_RSA_WITH_AES_128_CBC_SHA256<br>TLS_RSA_WITH_AES_256_CBC_SHA<br>TLS_RSA_WITH_AES_128_CBC_SHA<br> |
 
-## Custom SSL policy
+## Custom TLS policy
 
-If a predefined SSL policy needs to be configured for your requirements, you must define your own custom SSL policy. With a custom SSL policy, you have complete control over the minimum SSL protocol version to support, as well as the supported cipher suites and their priority order.
+If a predefined TLS policy needs to be configured for your requirements, you must define your own custom TLS policy. With a custom TLS policy, you have complete control over the minimum TLS protocol version to support, as well as the supported cipher suites and their priority order.
 
-### SSL protocol versions
+### TLS/SSL protocol versions
 
 * SSL 2.0 and 3.0 are disabled by default for all application gateways. These protocol versions are not configurable.
-* A custom SSL policy gives you the option to select any one of the following three protocols as the minimum SSL protocol version for your gateway: TLSv1_0, TLSv1_1, and TLSv1_2.
-* If no SSL policy is defined, all three protocols (TLSv1_0, TLSv1_1, and TLSv1_2) are enabled.
+* A custom TLS policy gives you the option to select any one of the following three protocols as the minimum TLS protocol version for your gateway: TLSv1_0, TLSv1_1, and TLSv1_2.
+* If no TLS policy is defined, all three protocols (TLSv1_0, TLSv1_1, and TLSv1_2) are enabled.
 
 ### Cipher suites
 
-Application Gateway supports the following cipher suites from which you can choose your custom policy. The ordering of the cipher suites determines the priority order during SSL negotiation.
+Application Gateway supports the following cipher suites from which you can choose your custom policy. The ordering of the cipher suites determines the priority order during TLS negotiation.
 
 
 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
@@ -91,7 +91,7 @@ Application Gateway supports the following cipher suites from which you can choo
 - TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
 
 > [!NOTE]
-> SSL cipher suites used for the connection are also based on the type of the certificate being used. In client to application gateway connections, the cipher suites used are based on the type of server certificates on the application gateway listener. In application gateway to backend pool connections, the cipher suites used are based on the type of server certificates on the backend pool servers.
+> TLS cipher suites used for the connection are also based on the type of the certificate being used. In client to application gateway connections, the cipher suites used are based on the type of server certificates on the application gateway listener. In application gateway to backend pool connections, the cipher suites used are based on the type of server certificates on the backend pool servers.
 
 ## Known issue
 Application Gateway v2 does not currently support the following ciphers:
@@ -106,4 +106,4 @@ Application Gateway v2 does not currently support the following ciphers:
 
 ## Next steps
 
-If you want to learn to configure an SSL policy, see [Configure SSL policy on an application gateway](application-gateway-configure-ssl-policy-powershell.md).
+If you want to learn to configure a TLS policy, see [Configure TLS policy versions and cipher suites on Application Gateway](application-gateway-configure-ssl-policy-powershell.md).

articles/application-gateway/high-traffic-support.md

@@ -16,7 +16,7 @@ This article describes a few suggested guidelines to help you set up your Applic
 The following suggestions help you set up Application Gateway with WAF to handle extra traffic. 
 
 ## Use the v2 SKU over v1 for its autoscaling capabilities and performance benefits
-The v2 SKU offers autoscaling to ensure that your Application Gateway can scale up as traffic increases. It also offers other significant performance benefits, such as 5x better SSL offload performance, quicker deployment and update times, zone redundancy, and more when compared to v1. For more information, see our [v2 documentation](https://docs.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant). 
+The v2 SKU offers autoscaling to ensure that your Application Gateway can scale up as traffic increases. It also offers other significant performance benefits, such as 5x better TLS offload performance, quicker deployment and update times, zone redundancy, and more when compared to v1. For more information, see our [v2 documentation](https://docs.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant). 
 
 ## Set maximum instance count to the maximum possible (125)
 
@@ -51,5 +51,5 @@ Enable bot protection to block known bad bots. This should reduce the amount of
 
 Diagnostic logs allow you to view firewall logs, performance logs, and access logs. You can use these logs in Azure to manage and troubleshoot Application Gateways. For more information, see our [diagnostics documentation](https://docs.microsoft.com/azure/application-gateway/application-gateway-diagnostics#diagnostic-logging). 
 
-## Set up an SSL policy for extra security
-Ensure you're using the latest SSL policy version ([AppGwSslPolicy20170401S](https://docs.microsoft.com/azure/application-gateway/application-gateway-ssl-policy-overview#appgwsslpolicy20170401s)). This enforces TLS 1.2 and stronger ciphers. For more information, see [configuring SSL policy versions and cipher suites via PowerShell](https://docs.microsoft.com/azure/application-gateway/application-gateway-configure-ssl-policy-powershell).
+## Set up an TLS policy for extra security
+Ensure you're using the latest TLS policy version ([AppGwSslPolicy20170401S](https://docs.microsoft.com/azure/application-gateway/application-gateway-ssl-policy-overview#appgwsslpolicy20170401s)). This enforces TLS 1.2 and stronger ciphers. For more information, see [configuring TLS policy versions and cipher suites via PowerShell](https://docs.microsoft.com/azure/application-gateway/application-gateway-configure-ssl-policy-powershell).

articles/application-gateway/multiple-site-overview.md

@@ -34,7 +34,7 @@ Currently Application Gateway supports a single public IP address where it liste
 
 Application Gateway supports multiple applications each listening on different ports, but this scenario requires the applications to accept traffic on non-standard ports. This is often not a configuration that you want.
 
-Application Gateway relies on HTTP 1.1 host headers to host more than one website on the same public IP address and port. The sites hosted on application gateway can also support SSL offload with Server Name Indication (SNI) TLS extension. This scenario means that the client browser and backend web farm must support HTTP/1.1 and TLS extension as defined in RFC 6066.
+Application Gateway relies on HTTP 1.1 host headers to host more than one website on the same public IP address and port. The sites hosted on application gateway can also support TLS offload with Server Name Indication (SNI) TLS extension. This scenario means that the client browser and backend web farm must support HTTP/1.1 and TLS extension as defined in RFC 6066.
 
 ## Listener configuration element