question

0 Votes
MatthewRiddler-9775 asked ·

Weak ciphers & amend headers on app proxy application

Hello,

My company has just deployed an Azure App Proxy application, pointing to an internal server.
Authentication is done at the app proxy instance.
As part of this we have had a vulnerability scan completed & we have 2 things that need looking at.

We need to set the HSTS header & it is also showing as having weak Ciphers.

Is there a way to change these settings at the app proxy layer, or do I need an application gateway in front (not too sure if you can put an app gateway in front of an app proxy app).
I couldn't figure out what category to put this in with a support call with Microsoft.

Thanks
Matt

azure-ad-application-proxy

1 Vote
amanpreetsingh-msft answered ·

@MatthewRiddler-9775 The server where you have installed the App Proxy Connector establishes an outbound connection to the App Proxy Service in Azure. It sends all cipher suites (enabled on the connector server) in the client hello during the TLS handshake, and in the server hello, the Azure App Proxy service responds with the cipher suite which is strongest and common between them. So, in order to remove the use of weak ciphers, you can disable them on the App Proxy Connector server.


Read more: https://support.microsoft.com/en-in/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc




Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.
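
An added example, not part of the original answer or Microsoft's own tooling: a PowerShell audit for the connector server described above. It lists the cipher suites enabled on the server with `Get-TlsCipherSuite`, flags those matching an assumed weak-cipher policy, and disables them only when the hypothetical `-Disable` switch is passed.

```powershell
# Added example, not from the original thread.
# Run in an elevated PowerShell session on an App Proxy connector server
# (Windows Server 2016 or later, where the TLS module cmdlets are available).
param(
    [switch]$Disable   # hypothetical switch: without it the script only reports
)

# Assumed policy: substrings that mark a suite as weak. Match this to your scan report.
$weakMarkers = [ordered]@{
    'RC4'    = 'RC4 stream cipher'
    '3DES'   = '3DES (64-bit block)'
    '_DES_'  = 'single DES'
    'NULL'   = 'no encryption'
    'MD5'    = 'MD5 MAC'
    'EXPORT' = 'export-grade key size'
}

# Returns the reasons a suite name is considered weak, or an empty string.
function Get-WeakReason {
    param([string]$SuiteName)
    $reasons = foreach ($marker in $weakMarkers.Keys) {
        if ($SuiteName -like "*$marker*") { $weakMarkers[$marker] }
    }
    return ($reasons -join '; ')
}

# Check every cipher suite currently enabled on this server.
$findings = foreach ($suite in Get-TlsCipherSuite) {
    $reason = Get-WeakReason -SuiteName $suite.Name
    if ($reason) {
        [pscustomobject]@{ Name = $suite.Name; Reason = $reason }
    }
}

if (-not $findings) {
    Write-Output "No enabled cipher suite matches the weak markers on $env:COMPUTERNAME."
    return
}

$findings | Format-Table -AutoSize

if ($Disable) {
    foreach ($f in $findings) {
        # Removes the suite from this server's enabled list.
        Disable-TlsCipherSuite -Name $f.Name
        Write-Output "Disabled $($f.Name)"
    }
}
```

Run it on every server in the connector group that serves the application, since connectors in different groups can have different cipher suites enabled.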



0 Votes
MatthewRiddler-9775 answered ·

Thanks @amanpreetsingh-msft. The connectors were running old ciphers. Some other sites (still app proxy) had different ciphers. They were pointing to a different connector group, with better ciphers.
Will arrange to get these updated.



@MatthewRiddler-9775, thank you for sharing your exact problem. This will surely help other community members who may be facing similar issues.

0 Votes