Last post Aug 03, 2015 09:15 AM by PatriceSc
Aug 02, 2015 11:04 PM|Alex71938|LINK
I am a noob in security, i.e. I didn't care much, but now we have a specific requirements from client:
"All data traffic in and out of the system is encrypted using TLS, forward-secrecy-compliant ciphers whenever possible (e.g. ECDHE-ECDSA-AES128-GCM-SHA256")
Anything I should I do in the Web API project or this setup is related to Azure Web Apps?
Aug 03, 2015 04:36 AM|PatriceSc|LINK
This is related to the SSL configuration. Try https://www.ssllabs.com/ssltest/ to check your site.
Aug 03, 2015 08:59 AM|Alex71938|LINK
The question was: "Anything I should I do in the Web API project or this setup is related to Azure Web Apps?"
Aug 03, 2015 09:15 AM|PatriceSc|LINK
Nothing to do in your web api project and you can't configure this kind of thing for an Azure web app. Either it is configured for you or you can't get that.
https://dzone.com/articles/it%E2%80%99s-time-grade-ssl-azure it seems it should though it might depend on your geographic location as it is really recent.
For your information the script to configure IIS for that is
https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12 (but you can't do that for an Azure web app).