You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/frontdoor/end-to-end-tls.md
+9-6Lines changed: 9 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ services: frontdoor
5
5
author: duongau
6
6
ms.service: frontdoor
7
7
ms.topic: conceptual
8
-
ms.date: 02/07/2023
8
+
ms.date: 02/15/2024
9
9
ms.author: duau
10
10
zone_pivot_groups: front-door-tiers
11
11
---
@@ -30,11 +30,11 @@ Azure Front Door offloads the TLS sessions at the edge and decrypts client reque
30
30
31
31
## Supported TLS versions
32
32
33
-
Azure Front Door supports three versions of the TLS protocol: TLS versions 1.0, 1.1, and 1.2. All Azure Front Door profiles created after September 2019 use TLS 1.2 as the default minimum, but TLS 1.0 and TLS 1.1 are still supported for backward compatibility.
33
+
Azure Front Door supports four versions of the TLS protocol: TLS versions 1.0, 1.1, 1.2 and 1.3. All Azure Front Door profiles created after September 2019 use TLS 1.2 as the default minimum with TLS 1.3 enabled, but TLS 1.0 and TLS 1.1 are still supported for backward compatibility.
34
34
35
-
Although Azure Front Door supports TLS 1.2, which introduced client/mutual authentication in RFC 5246, currently, Azure Front Door doesn't support client/mutual authentication.
35
+
Although Azure Front Door supports TLS 1.2, which introduced client/mutual authentication in RFC 5246, currently, Azure Front Door doesn't support client/mutual authentication (mTLS) yet.
36
36
37
-
You can configure the minimum TLS version in Azure Front Door in the custom domain HTTPS settings using the Azure portal or the [Azure REST API](/rest/api/frontdoorservice/frontdoor/frontdoors/createorupdate#minimumtlsversion). Currently, you can choose between 1.0 and 1.2. As such, specifying TLS 1.2 as the minimum version controls the minimum acceptable TLS version Azure Front Door will accept from a client. When Azure Front Door initiates TLS traffic to the origin, it will attempt to negotiate the best TLS version that the origin can reliably and consistently accept.
37
+
You can configure the minimum TLS version in Azure Front Door in the custom domain HTTPS settings using the Azure portal or the [Azure REST API](/rest/api/frontdoorservice/frontdoor/frontdoors/createorupdate#minimumtlsversion). Currently, you can choose between 1.0 and 1.2. As such, specifying TLS 1.2 as the minimum version controls the minimum acceptable TLS version Azure Front Door will accept from a client. For minimum TLS version 1.2 the negotiation will attempt to establish TLS 1.3 and then TLS 1.2, while for minimum TLS version 1.0 all four versions will be attempted. When Azure Front Door initiates TLS traffic to the origin, it will attempt to negotiate the best TLS version that the origin can reliably and consistently accept. Supported TLS versions for origin connections are TLS 1.0, TLS 1.1, TLS 1.2 and TLS 1.3.
38
38
39
39
## Supported certificates
40
40
@@ -105,8 +105,9 @@ For your own custom TLS/SSL certificate:
105
105
106
106
## Supported cipher suites
107
107
108
-
For TLS 1.2 the following cipher suites are supported:
109
-
108
+
For TLS 1.2/1.3 the following cipher suites are supported:
109
+
* TLS_AES_256_GCM_SHA384 (TLS 1.3 only)
110
+
* TLS_AES_128_GCM_SHA256 (TLS 1.3 only)
110
111
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
111
112
* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
112
113
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
@@ -119,6 +120,8 @@ For TLS 1.2 the following cipher suites are supported:
119
120
120
121
When using custom domains with TLS 1.0 and 1.1 enabled, the following cipher suites are supported:
0 commit comments