Merge pull request #301855 from asudbring/us444682-tm-faq-update

prmerger-automator[bot] · web-flow · commit f0cdb93ca7ff · 2025-06-25T17:56:35.000Z
Added cipher suites for TLS to TM FAQ
diff --git a/articles/traffic-manager/traffic-manager-FAQs.md b/articles/traffic-manager/traffic-manager-FAQs.md
@@ -5,7 +5,7 @@ services: traffic-manager
 author: asudbring
 ms.service: azure-traffic-manager
 ms.topic: concept-article
-ms.date: 01/28/2025
+ms.date: 06/25/2025
 ms.author: allensu
 # Customer intent: As a Cloud Architect, I want to understand Azure Traffic Manager functionalities and limitations, so that I can effectively implement it for DNS-based traffic routing and ensure optimal performance of my distributed applications.
 ---
@@ -104,6 +104,36 @@ To avoid service disruptions, resources that interact with Traffic Manager must
 
 For information about migrating from TLS 1.0 and 1.1 to TLS 1.2, see [Solving the TLS 1.0 Problem](/security/engineering/solving-tls1-problem).
 
+### What TLS cipher suites are supported by Azure Traffic Manager?
+
+Azure Traffic Manager supports modern TLS cipher suites for TLS 1.2 and TLS 1.3 to ensure secure communications. The following cipher suites are supported:
+
+**TLS 1.3 Cipher Suites**
+
+These are associated with **Protocol 772** (which corresponds to TLS 1.3):
+
+| Cipher Suite | Protocol |
+|--------------|----------|
+| TLS_AES_256_GCM_SHA384 | 772 |
+| TLS_AES_128_GCM_SHA256 | 772 |
+
+**TLS 1.2 Cipher Suites**
+
+These are associated with **Protocol 771** (TLS 1.2) and/or 65277 (used by some systems as an internal/custom code for TLS 1.2):
+
+| Cipher Suite | Protocols |
+|--------------|-----------|
+| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | 771, 65277 |
+| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | 771, 65277 |
+| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | 771, 65277 |
+| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | 771, 65277 |
+| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | 771, 65277 |
+| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | 771, 65277 |
+| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | 771, 65277 |
+| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | 771, 65277 |
+
+These cipher suites provide strong encryption and are compliant with modern security standards. Traffic Manager automatically negotiates the best available cipher suite during the TLS handshake process.
+
 ## Traffic Manager Geographic traffic routing method
 
 ### What are some use cases where geographic routing is useful?
