| title | description | services | author | ms.service | ms.topic | ms.date | ms.author |
|---|---|---|---|---|---|---|---|
TLS policy overview for Azure Application Gateway |
Learn how to configure TLS policy for Azure Application Gateway and reduce encryption and decryption overhead from a back-end server farm. |
application gateway |
amsriva |
application-gateway |
conceptual |
12/17/2020 |
amsriva |
You can use Azure Application Gateway to centralize TLS/SSL certificate management and reduce encryption and decryption overhead from a back-end server farm. This centralized TLS handling also lets you specify a central TLS policy that's suited to your organizational security requirements. This helps you meet compliance requirements as well as security guidelines and recommended practices.
The TLS policy includes control of the TLS protocol version as well as the cipher suites and the order in which ciphers are used during a TLS handshake. Application Gateway offers two mechanisms for controlling TLS policy. You can use either a predefined policy or a custom policy.
- SSL 2.0 and 3.0 are disabled for all application gateways and are not configurable.
- A custom TLS policy allows you to select any TLS protocol as the minimum protocol version for your gateway: TLSv1_0, TLSv1_1, TLSv1_2, or TLSv1_3.
- If no TLS policy is defined, the minimum protocol version is set to TLSv1_0, and protocol versions v1.0, v1.1, and v1.2 are supported.
- The new Predefined and Customv2 policies that support TLS v1.3 are currently in Preview and only available with Application Gateway V2 SKUs (Standard_v2 or WAF_v2).
- Using a new Predefined or Customv2 policy enhances SSL security and performance posture of the entire gateway (for SSL Policy and SSL Profile). Hence, both old and new policies cannot co-exist on a gateway. You must use any of the older predefined or custom policies across the gateway if clients require older TLS versions or ciphers (for example, TLS v1.0).
- TLS cipher suites used for the connection are also based on the type of the certificate being used. The cipher suites used in "client to application gateway connections" are based on the type of listener certificates on the application gateway. Whereas the cipher suites used in establishing "application gateway to backend pool connections" are based on the type of server certificates presented by the backend servers.
Application Gateway offers several predefined security policies. You can configure your gateway with any of these policies to get the appropriate level of security. The policy names are annotated by the year and month in which they were configured (AppGwSslPolicy<YYYYMMDD>). Each policy offers different TLS protocol versions and/or cipher suites. These predefined policies are configured keeping in mind the best practices and recommendations from the Microsoft Security team. We recommend that you use the newest TLS policies to ensure the best TLS security.
The following table shows the list of cipher suites and minimum protocol version support for each predefined policy. The ordering of the cipher suites determines the priority order during TLS negotiation. To know the exact ordering of the cipher suites for these predefined policies, you can refer to the PowerShell, CLI, REST API or the Listeners blade in portal.
| Predefined policy names (AppGwSslPolicy<YYYYMMDD>) | 20150501 | 20170401 | 20170401S | 20220101 (Preview) |
20220101S (Preview) |
|---|---|---|---|---|---|
| Minimum Protocol Version | 1.0 | 1.1 | 1.2 | 1.2 | 1.2 |
| Enabled protocol versions | 1.0 1.1 1.2 |
1.1 1.2 |
1.2 | 1.2 1.3 |
1.2 1.3 |
| Default | True | False | False | False | False |
| TLS_AES_128_GCM_SHA256 | ✗ | ✗ | ✗ | ✓ | ✓ |
| TLS_AES_256_GCM_SHA384 | ✗ | ✗ | ✗ | ✓ | ✓ |
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ✓ | ✓ | ✓ | ✓ | ✓ |
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ✓ | ✓ | ✓ | ✓ | ✓ |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | ✓ | ✗ | ✗ | ✓ | ✗ |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ✓ | ✗ | ✗ | ✓ | ✗ |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ✓ | ✓ | ✓ | ✗ | ✗ |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ✓ | ✓ | ✓ | ✗ | ✗ |
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | ✓ | ✗ | ✗ | ✗ | ✗ |
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | ✓ | ✗ | ✗ | ✗ | ✗ |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA | ✓ | ✗ | ✗ | ✗ | ✗ |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA | ✓ | ✗ | ✗ | ✗ | ✗ |
| TLS_RSA_WITH_AES_256_GCM_SHA384 | ✓ | ✓ | ✓ | ✗ | ✗ |
| TLS_RSA_WITH_AES_128_GCM_SHA256 | ✓ | ✓ | ✓ | ✗ | ✗ |
| TLS_RSA_WITH_AES_256_CBC_SHA256 | ✓ | ✓ | ✓ | ✗ | ✗ |
| TLS_RSA_WITH_AES_128_CBC_SHA256 | ✓ | ✓ | ✓ | ✗ | ✗ |
| TLS_RSA_WITH_AES_256_CBC_SHA | ✓ | ✓ | ✓ | ✗ | ✗ |
| TLS_RSA_WITH_AES_128_CBC_SHA | ✓ | ✓ | ✓ | ✗ | ✗ |
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ✓ | ✓ | ✓ | ✓ | ✓ |
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ✓ | ✓ | ✓ | ✓ | ✓ |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | ✓ | ✓ | ✓ | ✓ | ✗ |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | ✓ | ✓ | ✓ | ✓ | ✗ |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | ✓ | ✓ | ✓ | ✗ | ✗ |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | ✓ | ✓ | ✓ | ✗ | ✗ |
| TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 | ✓ | ✗ | ✗ | ✗ | ✗ |
| TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 | ✓ | ✗ | ✗ | ✗ | ✗ |
| TLS_DHE_DSS_WITH_AES_256_CBC_SHA | ✓ | ✗ | ✗ | ✗ | ✗ |
| TLS_DHE_DSS_WITH_AES_128_CBC_SHA | ✓ | ✗ | ✗ | ✗ | ✗ |
| TLS_RSA_WITH_3DES_EDE_CBC_SHA | ✓ | ✗ | ✗ | ✗ | ✗ |
| TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA | ✓ | ✗ | ✗ | ✗ | ✗ |
If a TLS policy needs to be configured for your requirements, you can use a Custom TLS policy. With a custom TLS policy, you have complete control over the minimum TLS protocol version to support, as well as the supported cipher suites and their priority order.
Note
The newer, stronger ciphers and TLSv1.3 support are only available with the CustomV2 policy (Preview). It provides enhanced security and performance benefits.
Important
- If you are using a custom SSL policy in Application Gateway v1 SKU (Standard or WAF), make sure that you add the mandatory cipher "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" to the list. This cipher is required to enable metrics and logging in the Application Gateway v1 SKU. This is not mandatory for Application Gateway v2 SKU (Standard_v2 or WAF_v2).
- The cipher suites “TLS_AES_128_GCM_SHA256” and “TLS_AES_256_GCM_SHA384” with TLSv1.3 are not customizable. Hence, these are included by default when choosing a CustomV2 policy with minimum protocol version 1.2 or 1.3.
Application Gateway supports the following cipher suites from which you can choose your custom policy. The ordering of the cipher suites determines the priority order during TLS negotiation.
- TLS_AES_128_GCM_SHA256 (available only with Customv2)
- TLS_AES_256_GCM_SHA384 (available only with Customv2)
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
- The connections to backend servers are always with minimum protocol TLS v1.0 and up to TLS v1.2. Therefore, only TLS versions 1.0, 1.1 and 1.2 are supported to establish a secured connection with backend servers.
- As of now, the TLS 1.3 implementation is not enabled with "Zero Round Trip Time (0-RTT)" feature.
- The Portal support for the new policies and TLS 1.3 is currently unavailable.
- Application Gateway v2 does not support the following DHE ciphers. These won't be used for the TLS connections with clients even though they are mentioned in the predefined policies. Instead of DHE ciphers, secure and faster ECDHE ciphers are recommended.
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA
If you want to learn to configure a TLS policy, see Configure TLS policy versions and cipher suites on Application Gateway.