You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/app-service/overview-tls.md
+19-1Lines changed: 19 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -3,7 +3,7 @@ title: Transport Layer Security (TLS) overview
3
3
description: Learn about Transport Layer Security (TLS) on App Service.
4
4
keywords: app service, azure app service, tls, transport layer security, support, web app, troubleshooting,
5
5
ms.topic: article
6
-
ms.date: 01/31/2025
6
+
ms.date: 02/18/2025
7
7
ms.author: msangapu
8
8
author: msangapu-msft
9
9
ms.custom: UpdateFrequency3
@@ -48,10 +48,28 @@ You can use Azure Policy to help audit your resources when it comes to minimum T
48
48
App Service also allows you to set minimum TLS version for incoming requests to your web app and to SCM site. By default, the minimum TLS version for incoming requests to your web app and to SCM is set to 1.2 on both portal and API.
49
49
50
50
### TLS 1.3
51
+
52
+
TLS 1.3 is the latest and most secure TLS version supported on Azure App Service. It introduces significant security and performance improvements over TLS 1.2 by simplifying cryptographic algorithms, reducing handshake latency, and enhancing encryption.
53
+
54
+
Key benefits include:
55
+
-**Stronger Security**: Removes outdated cipher suites, enforces Perfect Forward Secrecy (PFS), and encrypts more of the handshake process.
56
+
-**Faster Handshake**: Reduces round trips, improving connection latency, especially for repeated sessions (0-RTT support).
57
+
-**Better Performance**: Uses streamlined encryption algorithms that lower computational overhead and improve efficiency.
TLS 1.3 is fully supported in Azure App Service and can be enabled by setting the **Minimum Inbound TLS Version** to **1.3** in the Azure Portal, CLI, or ARM templates.
62
+
63
+
#### Cipher Suites
51
64
A [Minimum TLS Cipher Suite](#minimum-tls-cipher-suite) setting is available with TLS 1.3. This includes two cipher suites at the top of the cipher suite order:
52
65
- TLS_AES_256_GCM_SHA384
53
66
- TLS_AES_128_GCM_SHA256
54
67
68
+
Since TLS 1.3 removes legacy cryptographic algorithms, it is recommended for applications that require modern security standards, improved performance, and reduced latency.
69
+
70
+
### TLS 1.2
71
+
TLS 1.2 is the default TLS version for Azure App Service. It provides strong encryption, improved security over older versions, and compliance with industry standards such as PCI DSS. Since TLS 1.2 is the default, no action is required unless you are migrating from an older TLS version. If your app currently uses TLS 1.0 or 1.1, updating to TLS 1.2 is strongly recommended to maintain security, performance, and compliance. Azure App Service supports a predefined set of TLS 1.2 cipher suites to ensure secure communication between clients and your web app.
72
+
55
73
### TLS 1.0 and 1.1
56
74
57
75
TLS 1.0 and 1.1 are considered legacy protocols and are no longer considered secure. It's generally recommended for customers to use TLS 1.2 or above as the minimum TLS version. When creating a web app, the default minimum TLS version is TLS 1.2.
0 commit comments