是否可以配置Azure网站SSL协议和密码 [英] Is it possible to configure Azure Web site SSL protocols & ciphers
问题描述
我希望能够在Azure网站(或Web App)上禁用TLS 1.0协议和RC4密码,但我不知道是否可行. (编辑:我知道默认情况下Azure网站上禁用了SSL 3.0,但我特别想禁用TLS 1.0)
I want to be able to disable the TLS 1.0 protocol and the RC4 cipher on an Azure website (or Web App) and I can't figure out if it's possible or not. (edit: I am aware that SSL 3.0 is disabled by default on Azure websites but I specifically want to disable TLS 1.0)
我知道要更新哪些注册表设置,但是问题当然是我无权访问操作系统.
I know what registry settings to update but the problem of course is that I don't have access to the OS.
有 NWebsec启动任务,可用于配置Web角色(或云)服务),但据我了解,该解决方案不适用于网络应用.
There's the NWebsec startup tasks that allow you to configure web roles (or cloud service) but my understanding is that this solution does not apply to web apps.
有什么解决方法吗?
推荐答案
更新2017年1月
Microsoft已完成一项功能,可以通过App Service Environment配置禁用TLS1.0.可以通过 Azure资源管理器设置自己的密码,或更改密码套件的顺序.
Microsoft have completed a feature whereby TLS1.0 can be disabled via App Service Environment configuration. It's possible to set your own ciphers through the Azure resource manager or change the cipher suite order.
有关详细信息,请参见应用服务环境"的自定义配置设置页面.
Details are available on the Custom configuration settings for App Service Environments page.
原始答案:
最初的答案是,无法在Azure Web应用程序的注册表或SSL设置中配置任何内容.
The original answer was that it is not possible to configure anything in the Registry or SSL settings in Azure web apps.
Microsoft知道PCI合规性的变化,并将在其自己的时间范围内更新运行Web应用程序的主机.他们在2015年1月宣布,他们将于2015年7月18日开始进行更新,从而使
Microsoft are aware of PCI compliance changes and will update the host machines that the web apps run on in their own time frame. They announced in January 2015 that they would starting making updates on 18th July 2015 that would result in an A grade for TLS/SSL endpoints for Auzre web apps on sites like http://ssllabs.com
随着计算能力的提高和更多漏洞的发现,这将是一个持续的问题,托管的Web应用程序必须依靠Microsoft来及时对其服务器进行修补和更新.
It's likely that this will be an on-going issue as computing power increases and more vulnerabilities are discovered and hosted web apps must rely on Microsoft to keep their servers patched and up-to-date in a timely manner.
This link has some more background information on the changes Microsoft are making: https://social.msdn.microsoft.com/Forums/azure/en-US/50f1ab33-c22a-4629-951e-b7510f6b2cbe/upgrading-tlsssl-cryptography-for-azure-web-apps?forum=windowsazurewebsitespreview
并且此链接还跟踪功能请求,该功能请求要求MS禁用Web应用程序中的不安全密码: http://feedback.azure.com/forums/169385-web-apps-formerly-websites/suggestions/7091994-disable-insecure-ciphers-in-azure-websites?page=2& per_page = 20
And this link also tracks the feature request that asks MS to disable insecure ciphers in Web apps: http://feedback.azure.com/forums/169385-web-apps-formerly-websites/suggestions/7091994-disable-insecure-ciphers-in-azure-websites?page=2&per_page=20
如果需要注册表访问和对这些设置的特定控制,则Azure选项是Cloud Service WebRoles或IAAs VM.
If registry access and specific control of these settings is a requirement, the Azure options are Cloud Service WebRoles or IAAs VMs.
这篇关于是否可以配置Azure网站SSL协议和密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
