locked
Azure CDN SSL3.0 Disabled? RRS feed

  • Question

  • Does Azure CDN Server end point has SSL3.0 disabled after the poodle attack vulnerability?

    We are having users who just have SSL3.0 checked on their IE browser and are not able to view CDN content. Once they check TLS 1.0 they are able to see the content.

    Wednesday, October 22, 2014 3:27 PM

Answers

All replies

  • Hi sir,

    Thanks for your feedback, I will confirm it with someone familiar with this topic. There might be some time delay. Appreciate your patience.

    Regards,

    Will


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Thursday, October 23, 2014 8:04 AM
  • Hi,

    SSL 3.0 Protocol is by default enabled for Azure Websites, Roles, and Windows Virtual Machines.
    However, due to an industry-wide vulnerability affecting the SSL 3.0 protocol, it is possible to disable it.
    It is also possible to disable SSLv3 on a server.
    This ensures that all connections use the stronger TLS protocols.
    Please note that users on legacy browsers, which only support SSL 3.0, will no longer be able to connect to the server.

    You could refer the following link to disable SSL 3.0.

    http://azure.microsoft.com/blog/2014/10/19/how-to-disable-ssl-3-0-in-azure-websites-roles-and-virtual-machines/

    Regards,
    Malar.

    Thursday, October 23, 2014 11:36 AM