How to configure the TLS cipher suite for HTTPS edge applications

1. Access Azion Console > Edge Application.
2. Click the application you want to configure.
3. In Delivery Settings, select the HTTP and HTTPS support.

Now to specify the minimum TLS version and the cipher suite supported by your application:

1. In Minimum TLS version, select TLS 1.2.
2. Under Cipher suite, select TLSv1.2_2021.
3. Click the Save button.

It may take some time to propagate your changes to the edge. To verify whether your changes took place, you can inspect the https://xxxxxxxxxx.map.azionedge.net page using your browser and locate the security settings of the application. You can also run the DIG command to get more information on your security settings.

The application may still be running in TLS 1.3, since you selected the minimum version and not the exact TLS version used. However, you can check the cipher suite being used against the list of supported ciphers to verify whether the changes took place.

1. Access Real-Time Manager (RTM) > Edge Application.
2. Click the application you want to configure.
3. Switch the Delivery Protocol to HTTP & HTTPS.

Now to specify the minimum TLS version and the cipher suite supported by your application:

1. Under Minimum TLS version, select TLS 1.2.
2. Under Supported Ciphers list, select TLSv1.2_2021.
3. Click the Save button.

It may take some time to propagate your changes to the edge. To verify whether your changes took place, you can inspect the https://xxxxxxxxxx.map.azionedge.net page using your browser and locate the security settings of the application. You can also run the DIG command to get more information on your security settings.

The application may still be running in TLS 1.3, since you selected the minimum version and not the exact TLS version used. However, you can check the cipher suite being used against the list of supported ciphers to verify whether the changes took place.

1. Run the following GET request in your terminal, replacing [TOKEN VALUE] with your personal token to retrieve your <edge_application_id>:

curl --location 'https://api.azionapi.net/edge_applications \
--header 'Accept: application/json; version=3' \
--header 'Authorization: Token [TOKEN VALUE]'

2. You’ll receive a response with all your existing edge applications. Copy the value of the <edge_application_id> that you want to configure.
3. Run a PATCH request to modify the application as follows:

curl --location --request PATCH 'https://api.azionapi.net/edge_applications/<edge_application_id>' \
--header 'Accept: application/json; version=3' \
--header 'Content-Type: application/json' \
--header 'Authorization: Token [TOKEN VALUE]' \
--data '{
    "delivery_protocol": "http,https",
    "minimum_tls_version": "tls_1_2",
    "supported_ciphers": "TLSv1.2_2021"
}'

4. You’ll receive a response similar to this:

{
    "results": {
        "id": <edge_application_id>,
        "name": "example.org",
        "delivery_protocol": "http,https",
        "http_port": [
            80,
            8008
        ],
        "https_port": [
            443
        ],
        "minimum_tls_version": "tls_1_2",
        "active": true,
        "debug_rules": false,
        "http3": false,
        "websocket": false,
        "supported_ciphers": "TLSv1.2_2021",
        "application_acceleration": true,
        "caching": true,
        "device_detection": false,
        "edge_firewall": false,
        "edge_functions": true,
        "image_optimization": false,
        "l2_caching": false,
        "load_balancer": false,
        "raw_logs": false,
        "web_application_firewall": false
    }
}

5. Wait a few minutes for the changes to propagate.
6. Check the supported cipher suite by inspecting the page or running the DIG command.