Commit 834612b

Merge pull request #109874 from TimShererWithAquent/us1679050dc
Change SSL to TLS per 1679050
2 parents d40a5d5 + 78dd93c commit 834612b

3 files changed

+11
-11
lines changed

articles/security/fundamentals/network-best-practices.md

Lines changed: 2 additions & 2 deletions
@@ -149,12 +149,12 @@ We recommend that you employ load balancing whenever you can, and as appropriate
149149
- Accepts only a secure connection, so unencrypted communication to the server is not an acceptable option.
150150
- Requires multiple HTTP requests on the same long-running TCP connection to be routed or load balanced to different back-end servers.
151151

152-
**Load-balancing option**: Use [Azure Application Gateway](/azure/application-gateway/application-gateway-introduction), an HTTP web traffic load balancer. Application Gateway supports end-to-end SSL encryption and [SSL termination](/azure/application-gateway/application-gateway-introduction) at the gateway. Web servers can then be unburdened from encryption and decryption overhead and traffic flowing unencrypted to the back-end servers.
152+
**Load-balancing option**: Use [Azure Application Gateway](/azure/application-gateway/application-gateway-introduction), an HTTP web traffic load balancer. Application Gateway supports end-to-end TLS encryption and [TLS termination](/azure/application-gateway/application-gateway-introduction) at the gateway. Web servers can then be unburdened from encryption and decryption overhead and traffic flowing unencrypted to the back-end servers.
153153

154154
**Scenario**: You need to load balance incoming connections from the internet among your servers located in an Azure virtual network. Scenarios are when you:
155155

156156
- Have stateless applications that accept incoming requests from the internet.
157-
- Don't require sticky sessions or SSL offload. Sticky sessions is a method used with Application Load Balancing, to achieve server-affinity.
157+
- Don't require sticky sessions or TLS offload. Sticky sessions is a method used with Application Load Balancing, to achieve server-affinity.
158158

159159
**Load-balancing option**: Use the Azure portal to [create an external load balancer](../../load-balancer/quickstart-load-balancer-standard-public-portal.md) that spreads incoming requests across multiple VMs to provide a higher level of availability.
160160
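
Review bot: In the new line 152, the sentence that follows the TLS links still reads "Web servers can then be unburdened from encryption and decryption overhead and traffic flowing unencrypted to the back-end servers", which is ungrammatical and blurs the two modes named just before it. Suggest splitting it while this line is being touched: with TLS termination at the gateway, the web servers are relieved of encryption and decryption overhead and traffic to the back-end servers flows unencrypted; with end-to-end TLS, the leg to the back-end servers stays encrypted.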

articles/security/fundamentals/overview.md

Lines changed: 2 additions & 2 deletions
@@ -230,11 +230,11 @@ Microsoft [Azure Application Gateway](../../application-gateway/overview.md) pro
230230

231231
![Application Gateway](./media/overview/azure-security-fig2.png)
232232

233-
It allows you to optimize web farm productivity by offloading CPU intensive SSL termination to the Application Gateway (also known as “SSL offload” or “SSL bridging”). It also provides other Layer 7 routing capabilities including round-robin distribution of incoming traffic, cookie-based session affinity, URL path-based routing, and the ability to host multiple websites behind a single Application Gateway. Azure Application Gateway is a layer-7 load balancer.
233+
It allows you to optimize web farm productivity by offloading CPU intensive TLS termination to the Application Gateway (also known as “TLS offload” or “TLS bridging”). It also provides other Layer 7 routing capabilities including round-robin distribution of incoming traffic, cookie-based session affinity, URL path-based routing, and the ability to host multiple websites behind a single Application Gateway. Azure Application Gateway is a layer-7 load balancer.
234234

235235
It provides failover, performance-routing HTTP requests between different servers, whether they are on the cloud or on-premises.
236236

237-
Application provides many Application Delivery Controller (ADC) features including HTTP load balancing, cookie-based session affinity, [Secure Sockets Layer (SSL)](../../application-gateway/tutorial-restrict-web-traffic-powershell.md) offload, custom health probes, support for multi-site, and many others.
237+
Application provides many Application Delivery Controller (ADC) features including HTTP load balancing, cookie-based session affinity, [TLS offload](../../application-gateway/tutorial-restrict-web-traffic-powershell.md), custom health probes, support for multi-site, and many others.
238238

239239
### Web Application Firewall
240240
Web Application Firewall is a feature of [Azure Application Gateway](../../application-gateway/overview.md) that provides protection to web applications that use application gateway for standard Application Delivery Control (ADC) functions. Web application firewall does this by protecting them against most of the OWASP top 10 common web vulnerabilities.
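
Review bot: Line 233 now presents "TLS offload" and "TLS bridging" as alternative names for TLS termination, but the two terms are commonly used for different behaviours: offload forwards decrypted traffic to the back end, while bridging re-encrypts it before forwarding. Since the rename rewrites this parenthetical anyway, consider keeping only "TLS offload" or stating the difference. On line 237 the sentence opens with "Application provides many Application Delivery Controller (ADC) features", which appears to be missing "Gateway" after "Application".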

articles/security/fundamentals/service-fabric-best-practices.md

Lines changed: 7 additions & 7 deletions
@@ -26,7 +26,7 @@ We recommend the following Azure Service Fabric security best practices:
2626
- Use X.509 certificates.
2727
- Configure security policies.
2828
- Implement the Reliable Actors security configuration.
29-
- Configure SSL for Azure Service Fabric.
29+
- Configure TLS for Azure Service Fabric.
3030
- Use network isolation and security with Azure Service Fabric.
3131
- Configure Azure Key Vault for security.
3232
- Assign users to roles.
@@ -114,13 +114,13 @@ Every actor is defined as an instance of an actor type, identical to the way a .
114114
[Replicator security configurations](../../service-fabric/service-fabric-reliable-actors-kvsactorstateprovider-configuration.md) are used to secure the communication channel that is used during replication. This configuration prevents services from seeing each other's replication traffic and ensures that highly available data is secure. By default, an empty security configuration section prevents replication security.
115115
Replicator configurations configure the replicator that is responsible for making the Actor State Provider state highly reliable.
116116

117-
## Configure SSL for Azure Service Fabric
118-
The server authentication process [authenticates](../../service-fabric/service-fabric-cluster-creation-via-arm.md) the cluster management endpoints to a management client. The management client then recognizes that it's talking to the real cluster. This certificate also provides an [SSL](../../service-fabric/service-fabric-cluster-creation-via-arm.md) for the HTTPS management API and for Service Fabric Explorer over HTTPS.
117+
## Configure TLS for Azure Service Fabric
118+
The server authentication process [authenticates](../../service-fabric/service-fabric-cluster-creation-via-arm.md) the cluster management endpoints to a management client. The management client then recognizes that it's talking to the real cluster. This certificate also provides a [TLS](../../service-fabric/service-fabric-cluster-creation-via-arm.md) for the HTTPS management API and for Service Fabric Explorer over HTTPS.
119119
You must obtain a custom domain name for your cluster. When you request a certificate from a certificate authority, the certificate's subject name must match the custom domain name that you use for your cluster.
120120

121-
To configure SSL for an application, you first need to obtain an SSL certificate that has been signed by a CA. The CA is a trusted third party that issues certificates for SSL security purposes. If you don't already have an SSL certificate, you need to obtain one from a company that sells SSL certificates.
121+
To configure TLS for an application, you first need to obtain an SSL/TLS certificate that has been signed by a CA. The CA is a trusted third party that issues certificates for TLS security purposes. If you don't already have an SSL/TLS certificate, you need to obtain one from a company that sells SSL/TLS certificates.
122122

123-
The certificate must meet the following requirements for SSL certificates in Azure:
123+
The certificate must meet the following requirements for SSL/TLS certificates in Azure:
124124
- The certificate must contain a private key.
125125

126126
- The certificate must be created for key exchange and be exportable to a personal information exchange (.pfx) file.
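
Review bot: On the new line 118, "This certificate also provides a [TLS](...) for the HTTPS management API" is left without a noun after the one-for-one swap of SSL for TLS; "This certificate also provides TLS for the HTTPS management API" reads correctly. The heading rename on line 117 also changes the section title, so links that target the old "Configure SSL for Azure Service Fabric" heading should be checked.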
@@ -131,13 +131,13 @@ The certificate must meet the following requirements for SSL certificates in Azu
131131
- Request a certificate from a CA with a subject name that matches your service's custom domain name. For example, if your custom domain name is __contoso__**.com**, the certificate from your CA should have the subject name **.contoso.com** or __www__**.contoso.com**.
132132

133133
>[!NOTE]
134-
>You cannot obtain an SSL certificate from a CA for the __cloudapp__**.net** domain.
134+
>You cannot obtain an SSL/TLS certificate from a CA for the __cloudapp__**.net** domain.
135135

136136
- The certificate must use a minimum of 2,048-bit encryption.
137137

138138
The HTTP protocol is unsecure and subject to eavesdropping attacks. Data that is transmitted over HTTP is sent as plain text from the web browser to the web server or between other endpoints. Attackers can intercept and view sensitive data that is sent via HTTP, such as credit card details and account logins. When data is sent or posted through a browser via HTTPS, SSL ensures that sensitive information is encrypted and secure from interception.
139139

140-
To learn more about using SSL certificates, see [Configure SSL for Azure applications](../../cloud-services/cloud-services-configure-ssl-certificate-portal.md).
140+
To learn more about using SSL/TLS certificates, see [Configuring TLS for an application in Azure](../../cloud-services/cloud-services-configure-ssl-certificate-portal.md).
141141

142142
## Use network isolation and security with Azure Service Fabric
143143
Set up a 3 nodetype secure cluster by using the [Azure Resource Manager template](../../azure-resource-manager/templates/template-syntax.md) as a sample. Control the inbound and outbound network traffic by using the template and Network Security Groups.
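
Review bot: Context line 138 still ends with "SSL ensures that sensitive information is encrypted and secure from interception", so the rename is incomplete within this section; suggest "TLS ensures that sensitive information is encrypted ..." to match the lines changed around it. On line 140 the link text becomes "Configuring TLS for an application in Azure" while the target stays cloud-services-configure-ssl-certificate-portal.md, so confirm the new text matches the target article's current title.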
