The All-Inclusive Update for Everything TLS on App Service

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

This article will provide you with an all-inclusive update around all App Service TLS related features. In the past year, we have announced a couple of updates in this area, and to keep things simple, this article will be broken down to these different areas/features: 

1. TLS 1.3 Updates 
2. Min TLS Cipher Suite (Preview) 
3. End-to-end (E2E) TLS Encryption (Preview) 

TLS 1.3 Updates 

As an update to the previous article about the upcoming TLS 1.3 changes on App Service, we have now fully rolled out TLS 1.3 globally. If you require all your inbound requests to be TLS 1.3, you can also set your “Minimum Inbound TLS Version” to be “TLS 1.3” on any client (ie. Portal, CLI, ARM).  

Configuring Min TLS Version to TLS 1.3 

Azure Portal 

CLI 

TLS 1.3 Cipher Suites 

With the new TLS 1.3 updates, you will also see new TLS cipher suites in your “Minimum TLS Cipher Suite” feature. This will include two cipher suites at the top of the cipher suite order. 

1. TLS_AES_256_GCM_SHA384  
2. TLS_AES_128_GCM_SHA256 

Refer to the "Min TLS Cipher Suite (Preview)" section of the article for further updates on that feature. 

App Service Environment (ASE) V3 with Cluster Setting “FrontEndSSLCipherSuiteOrder” 

For ASE customers who have “FrontEndSSLCipherSuiteOrder” cluster setting configured, you will need to update your cluster settings to include our two TLS 1.3 cipher suites in the cluster setting (listed below) and to reboot your front-ends afterwards. You must still include the two required cipher suites as mentioned in the docs. 

1. TLS_AES_256_GCM_SHA384  
2. TLS_AES_128_GCM_SHA256  

Min TLS Cipher Suite (Preview)   

In a previous article about Min TLS Cipher Suite (Preview), we had called-out that we will be updating the cipher suite priority ordering based on the recommendations in TLS Cipher Suites in Windows 2022. You can expect this cipher suite priority order change to be completed by May 17th. Keep in mind that while the list of supported cipher suites along with its priority order may still be updated later, we don’t expect this to happen frequently.   

This feature is currently still only available to Premium App Service Plans. We have plans to open this for Basic plans and above in the coming months – stay tuned! 

Understanding Impact of Update  

The main change that’s happening is that the “TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256” is moving to a lower priority to be consistent with Windows cipher suite ordering. Despite the change with the ordering, the front-end's OS would still pick the most secure cipher suite that is supported by both App Service and the client. In general, we expect this change to be a non-issue for almost all customers. If your clients have a hard dependency on a specific TLS cipher suite being chosen, you may want to review this as soon as possible.  

Previous TLS Cipher Suite Priority Order  

1. TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 
2. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  
3. TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 
4. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
5. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
6. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
7. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 
8. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
9. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 
10. TLS_RSA_WITH_AES_256_GCM_SHA384 
11. TLS_RSA_WITH_AES_128_GCM_SHA256 
12. TLS_RSA_WITH_AES_256_CBC_SHA256 
13. TLS_RSA_WITH_AES_128_CBC_SHA256 
14. TLS_RSA_WITH_AES_256_CBC_SHA 
15. TLS_RSA_WITH_AES_128_CBC_SHA 

New TLS Cipher Suite Priority Order  

1. TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 
2. TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 
3. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
4. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
5. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 
6. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
7. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 
8. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
9. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 
10. TLS_RSA_WITH_AES_256_GCM_SHA384 
11. TLS_RSA_WITH_AES_128_GCM_SHA256 
12. TLS_RSA_WITH_AES_256_CBC_SHA256 
13. TLS_RSA_WITH_AES_128_CBC_SHA256 
14. TLS_RSA_WITH_AES_256_CBC_SHA 
15. TLS_RSA_WITH_AES_128_CBC_SHA 

Example Scenario 1 

Depending on your app’s configured minimum TLS cipher suite, your app might end up disabling “TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256” cipher suite (#2 from previous list; #5 from new list) after the cipher suite order update. As an example, if your app’s current configured minimum is set to “TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256” (#5 from previous list; #4 from new list), your web app will allow client requests that uses “TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256”. However, after the update, your app will no longer allow client requests that use “TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256” cipher suite because that cipher suite would be less secure than the set minimum cipher suite.  

Example Scenario 2 

If you selected “TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256” TLS cipher suite (#2 from previous list; #5 from new list) as the minimum, your app would end up enabling more TLS cipher suites after this change. As an example, if your current minimum is set to the said TLS cipher suite, your web app will allow client requests that uses either of the top two TLS cipher suites from the previous list. After the update, your web app will allow client requests that uses one of the top five TLS cipher suites from the new list.   

TLS 1.3 Cipher Suites 

As mentioned in the previous section of this article, with the new support of TLS 1.3, we will be supporting two new TLS 1.3 cipher suites. You can reference the complete list of cipher suites below which will include TLS 1.3 cipher suites along with the newest update of cipher suite ordering as mentioned earlier in this section. This order will start from the strongest cipher suite on the list down to the weakest one. 

1. TLS_AES_256_GCM_SHA384   
2. TLS_AES_128_GCM_SHA256 
3. TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  
4. TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  
5. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384  
6. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256  
7. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  
8. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384  
9. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256  
10. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA  
11. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA  
12. TLS_RSA_WITH_AES_256_GCM_SHA384  
13. TLS_RSA_WITH_AES_128_GCM_SHA256  
14. TLS_RSA_WITH_AES_256_CBC_SHA256  
15. TLS_RSA_WITH_AES_128_CBC_SHA256  
16. TLS_RSA_WITH_AES_256_CBC_SHA  
17. TLS_RSA_WITH_AES_128_CBC_SHA 

Min TLS Cipher Suites with App Service Environment (ASE) Cluster Setting “FrontEndSSLCipherSuiteOrder” 

If your App Service Environment (ASE) already has cluster setting “FrontEndSSLCipherSuiteOrder” configured, it is not recommended to also enable min TLS cipher suite for your web app. Doing so could lead to issues with conflicting cipher suites between the two configurations. You should only configure one or the other. 

End-to-end (E2E) TLS Encryption (Preview) 

In a previous article about E2E TLS Encryption (Preview) feature, we mentioned that this feature is only supported on Linux multi-tenants. We are excited to announce that this feature is now available for Windows multi-tenant web apps as well! It is available to Standard App Service Plans and above.  

As a quick refresher, without E2E TLS encryption, incoming HTTPS requests would have TLS terminated on our front-ends and continue as HTTP to the workers running the application workloads. Once you enable this feature, front-end intra-cluster traffic between App Service front-ends and the workers running application workloads would now be encrypted. Below is a simple diagram to help you understand how the feature works. 

Configuring E2E TLS Encryption (Preview) 

Azure Portal 

Sample API Call 

Conclusion

This wraps up all the latest for App Service TLS feature area. Don't forget that Build 2024 is happening next week to catch all the other announcements for our other features/areas!