1
votes

How to determine which TLS cipher suites are supported by Azure API Management? These do not appear to be documented clearly anywhere, and for the CLIENT side (back end for outbound) the only options in Azure are "HTTP/1.x" ON/OFF and "HTTP/2" ON/OFF. Many 3rd-party APIs are now locking down TLS cipher suites due to various weaknesses in TLS 1.2 implementations.

1

1 Answer

1
votes

Configuring an Azure API Management endpoint to proxy to https://www.howsmyssl.com/a/check, we see the following ciphers as of 4/3/2020:

{
  "given_cipher_suites": [
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_GCM_SHA384"
  ],
  "ephemeral_keys_supported": true,
  "session_ticket_supported": true,
  "tls_compression_supported": false,
  "unknown_cipher_suite_supported": false,
  "beast_vuln": false,
  "able_to_detect_n_minus_one_splitting": false,
  "insecure_cipher_suites": {},
  "tls_version": "TLS 1.2",
  "rating": "Probably Okay"
}
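An added example, not part of the original answer: once the gateway's offer has been captured this way, it can be compared with a third-party backend's allow-list to see whether a handshake is possible and which offered suites lack forward secrecy or AEAD. The names `classify`, `audit_offer` and the `BACKEND_ALLOWED` list are assumptions made up for this sketch.

```python
import json

# Subset of the howsmyssl.com /a/check response quoted in the answer above.
CAPTURED = json.loads("""{
  "given_cipher_suites": [
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_GCM_SHA384"
  ],
  "tls_version": "TLS 1.2"
}""")

# Constructed allow-list for a hypothetical locked-down backend.
BACKEND_ALLOWED = [
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
]

def classify(suite):
    """Derive key-exchange and cipher-mode properties from an IANA TLS 1.2 suite name."""
    key_exchange, _, cipher = suite.partition("_WITH_")
    return {
        "forward_secrecy": key_exchange.startswith(("TLS_ECDHE_", "TLS_DHE_")),
        "aead": any(m in cipher for m in ("GCM", "CCM", "CHACHA20_POLY1305")),
    }

def audit_offer(check_response, backend_allowed):
    """Compare the suites the gateway offered with what a backend accepts."""
    offered = check_response["given_cipher_suites"]
    allowed = set(backend_allowed)
    return {
        "tls_version": check_response["tls_version"],
        # An empty list means the handshake to this backend cannot succeed.
        "common": [s for s in offered if s in allowed],
        "no_forward_secrecy": [s for s in offered if not classify(s)["forward_secrecy"]],
        "non_aead": [s for s in offered if not classify(s)["aead"]],
    }

if __name__ == "__main__":
    print(json.dumps(audit_offer(CAPTURED, BACKEND_ALLOWED), indent=2))
```

The `common` list keeps the gateway's preference order; an empty list means the backend would reject the handshake.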