Share via


Cipher Suite Change

Microsoft is announcing the removal of RC4 from the supported list of negotiable ciphers on our service endpoints in Microsoft Azure.

This change is to update the SSL cipher suite order and the removal of the RC4 ciphers from the suite.

The Cipher Suite order determines the cipher suites used by the SSL/TLS.

The following cipher suite order is used:

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256

TLS_RSA_WITH_AES_256_GCM_SHA384

TLS_RSA_WITH_AES_128_GCM_SHA256

TLS_RSA_WITH_AES_256_CBC_SHA256

TLS_RSA_WITH_AES_128_CBC_SHA256

TLS_RSA_WITH_AES_256_CBC_SHA

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_3DES_EDE_CBC_SHA

Please let us know if you have any questions by posting in the Comments section below.

Thanks!

Tom

Comments

  • Anonymous
    May 27, 2016
    Dear Microsoft,I have run an SSLLABS report and it tells me that my server accepts RC4 cipher which I understand from this report, you say it is removed. Can you please advise if there is any manual activity I am required to do to remove this; my understanding is that it was removed automatically.Thanks for a quick reply,Nick De Blasio
    • Anonymous
      June 01, 2016
      Hi Nick - the Azure platform has deprecated RC4 and new images are targeted. However, old ones will need to be updated.
  • Anonymous
    July 11, 2016
    The comment has been removed
    • Anonymous
      July 20, 2016
      Hi Bart -Thanks! We'll look into this - thanks for the pointer.Tom
  • Anonymous
    November 21, 2016
    With the SWEET32 vulnerability https://sweet32.info/ (CVE-2016-2183, CVE-2016-6329), the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher should be removed from this list and 3-DES disabled on the server ASAP.It would be useful if we could opt-out with a configuration on the Azure portal.