Skip to content

Commit 2c770b2

Browse files
prmerger-automator[bot]prmerger-automator[bot]
authored
Merge pull request #221254 from JackStromberg/patch-96
Updating v1 behavior
2 parents a672ac6 + 265e73a commit 2c770b2

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

articles/application-gateway/ssl-overview.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ services: application-gateway
55
author: greg-lindsay
66
ms.service: application-gateway
77
ms.topic: conceptual
8-
ms.date: 09/13/2022
8+
ms.date: 03/27/2023
99
ms.author: greglin
1010

1111
---
@@ -58,7 +58,7 @@ End-to-end TLS allows you to encrypt and securely transmit sensitive data to the
5858

5959
When configured with end-to-end TLS communication mode, Application Gateway terminates the TLS sessions at the gateway and decrypts user traffic. It then applies the configured rules to select an appropriate backend pool instance to route traffic to. Application Gateway then initiates a new TLS connection to the backend server and re-encrypts data using the backend server's public key certificate before transmitting the request to the backend. Any response from the web server goes through the same process back to the end user. End-to-end TLS is enabled by setting protocol setting in [Backend HTTP Setting](./configuration-overview.md#http-settings) to HTTPS, which is then applied to a backend pool.
6060

61-
The [TLS policy](./application-gateway-ssl-policy-overview.md) applies only to the frontend traffic for both V1 and V2 SKU gateways. The backend TLS connection supports TLS 1.0 to TLS 1.2 versions.
61+
In Application Gateway v1 SKU gateways, [TLS policy](./application-gateway-ssl-policy-overview.md) applies the TLS version only to frontend traffic and the defined ciphers to both frontend and backend targets. In Application Gateway v2 SKU gateways, TLS policy only applies to frontend traffic, backend TLS connections will always be negotiated via TLS 1.0 to TLS 1.2 versions.
6262

6363
Application Gateway only communicates with those backend servers that have either allow-listed their certificate with the Application Gateway or whose certificates are signed by well-known CA authorities and the certificate's CN matches the host name in the HTTP backend settings. These include the trusted Azure services such as Azure App Service/Web Apps and Azure API Management.
6464

0 commit comments

Comments
 (0)