Azure Services SSL/TLS Cipher Suite Update and Removal of RC4

In the blog post "Protecting customer data from government snooping," Brad Smith, general counsel and executive vice president of legal and corporate affairs at Microsoft, announced Microsoft’s commitment to increase the security of our customers’ data.

We continue to execute on that commitment by announcing additional enhancements to the security of encryption in transit. To date, this has included the use of best-in-class, industry-standard cryptography, including Perfect Forward Secrecy (PFS), 2048-bit key lengths, and updates to operating system cipher suite settings.

In addition to these cryptographic changes, the default Transport Layer Security (TLS)/Secure Sockets Layer (SSL) cipher suite configuration has been enhanced and includes changes such as removal of SSLv3 support and mitigation of issues such as POODLE.

Today, we are announcing the removal of RC4 from the supported list of negotiable ciphers on our service endpoints in Microsoft Azure. This encryption work builds on the protection already in place in many of our products and services, such as Microsoft Office 365, Skype and OneDrive.

In addition, the TLS/SSL cipher suite enhancements are being made available to customers, by default, in the May 2016 Azure Guest OS releases for Cloud Services. Learn more about Azure Guest OS releases here.

For more detailed information regarding these security enhancements, please see the article "Updates to Microsoft Azure SSL/TLS Cipher Suites."

======================

The Azure Security Engineering Team