Azure CDN endpoint minimum TLS version

Security · Content Delivery Network · Rule · 2020_09 · Important

Azure CDN endpoints should reject TLS versions older than 1.2.

Description

The minimum version of TLS that Azure CDN endpoints accept is configurable. Older TLS versions are no longer considered secure by industry standards, such as PCI DSS.

Azure lets you disable outdated protocols and require connections to use a minimum of TLS 1.2. By default, TLS 1.0, TLS 1.1, and TLS 1.2 is accepted.

To configure the minimum TLS version, a custom domain must be configured.

Recommendation

Consider configuring a custom domain and setting the minimum supported TLS version to be 1.2.

Links

• SE:07 Encryption
• Preparing for TLS 1.2 in Microsoft Azure
• REST API Custom Domains - Enable Custom Https
• Azure deployment reference

Comments