How do I configure Perfect Forward Secrecy in Windows Azure (OS, or Websites)

后端 未结 2 1752
北海茫月
北海茫月 2021-01-06 17:09

I want to move my website to Windows Azure, but need to make sure that I\'m using PFS on all my instances and roles. (regular web roles and Websites as well)

How do

2条回答
  •  醉梦人生
    2021-01-06 17:23

    This excellent article by André N. Klingsheim explains detailed options for hardening the SSL/TLS configuration on Windows Server and Windows Azure. This includes

    • Disabling SSL
    • Enabling TLS
    • Changing Cipher Suite Priorities

    The author additionally provides a NuGet package as well as related source code for handling these updates during Azure role startup.

    If you want to enforce (perfect) forward secrecy over just enabling it you will probably want to disable all cipher suites not supporting that. Looking at the relevant powershell script all TLS_RSA_*-suites need to be removed from $preferredCipherSuites. Note that this will drop compatibility with some (mostly legacy) browsers/clients.

    Please also see this answer that contains several resources on cipher suite recommendations.

提交回复
热议问题