How to configure the TLS cipher suite for HTTPS edge applications

HTTPS applications require additional security configurations in the form of TLS cryptography. When you configure an edge application with Azion, you can select the minimum TLS version supported and which cipher suite is used by the application.


Configuring an HTTPS application


To enable the HTTPS protocol for your application:

  1. Access Azion Console > Edge Application.
  2. Click the application you want to configure.
  3. Switch the Delivery Protocol to HTTP & HTTPS.
  4. Click the Save button.

Now to specify the minimum TLS version and the cipher suite supported by your application:

  1. Click the application you want to configure.
  2. In the Main Settings tab of the application, under Minimum TLS version, select TLS 1.2.
  3. Under Supported Ciphers list, select TLSv1.2_2021.
  4. Click the Save button.

Your changes may take some time to propagate to the edge. To verify that they took effect, inspect the https://xxxxxxxxxx.map.azionedge.net page in your browser and locate the security settings of the application. You can also run the DIG command to get more information on your security settings.

The application may still be running TLS 1.3, since you selected the minimum version and not the exact TLS version used. However, you can check the cipher suite being used against the list of supported ciphers to verify whether the changes took effect.

To apply the same configuration through the API:

  1. Run the following GET request in your terminal, replacing [TOKEN VALUE] with your personal token to retrieve your <edge_application_id>:

     curl --location 'https://api.azionapi.net/edge_applications' \
       --header 'Accept: application/json; version=3' \
       --header 'Authorization: Token [TOKEN VALUE]'

  2. You’ll receive a response with all your existing edge applications. Copy the value of the <edge_application_id> that you want to configure.
  3. Run a PATCH request to modify the application as follows:

     curl --location --request PATCH 'https://api.azionapi.net/edge_applications/<edge_application_id>' \
       --header 'Accept: application/json; version=3' \
       --header 'Content-Type: application/json' \
       --header 'Authorization: Token [TOKEN VALUE]' \
       --data '{
         "delivery_protocol": "http,https",
         "minimum_tls_version": "tls_1_2",
         "supported_ciphers": "TLSv1.2_2021"
       }'

     Key                    Description
     delivery_protocol      Enables the HTTP and HTTPS protocols
     minimum_tls_version    Enum that establishes the minimum TLS version
     supported_ciphers      Enum that sets the supported cipher suite. See the full list of supported ciphers for further details

  4. You’ll receive a response similar to this:

     {
       "results": {
         "id": <edge_application_id>,
         "name": "example.org",
         "delivery_protocol": "http,https",
         "http_port": [
           80,
           8008
         ],
         "https_port": [
           443
         ],
         "minimum_tls_version": "tls_1_2",
         "active": true,
         "debug_rules": false,
         "http3": false,
         "websocket": false,
         "supported_ciphers": "TLSv1.2_2021",
         "application_acceleration": true,
         "caching": true,
         "device_detection": false,
         "edge_firewall": false,
         "edge_functions": true,
         "image_optimization": false,
         "l2_caching": false,
         "load_balancer": false,
         "raw_logs": false,
         "web_application_firewall": false
       }
     }

  5. Wait a few minutes for the changes to propagate.
  6. Check the supported cipher suite by inspecting the page or running the DIG command.
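
One way to script the check described above (negotiated TLS version at or above the minimum, cipher on the supported list), as an added example that is not part of Azion's documentation. The function names and the allow-list are assumptions made for illustration; take the real cipher names from Azion's list of supported ciphers.

```bash
#!/usr/bin/env bash
# Added example, not Azion code: audit openssl s_client output against the
# minimum TLS version and cipher policy configured in this guide.

# ASSUMPTION: constructed allow-list for illustration only. Replace it with the
# entries Azion's supported-ciphers list gives for TLSv1.2_2021.
ALLOWED_CIPHERS="TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 \
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384"

# Rank protocol names so a minimum version can be compared numerically.
tls_rank() {
  case "$1" in
    TLSv1)   echo 10 ;;
    TLSv1.1) echo 11 ;;
    TLSv1.2) echo 12 ;;
    TLSv1.3) echo 13 ;;
    *)       echo 0 ;;   # (NONE), SSLv3, or anything unrecognised
  esac
}

# Usage: check_tls_session MIN_VERSION < s_client-output
# Prints a verdict; returns 0 on pass, 1 on policy violation, 2 on no handshake.
check_tls_session() {
  local min="$1" line proto cipher
  # s_client summarises the handshake as: "New, TLSv1.3, Cipher is <name>"
  line=$(grep -m1 -E '^New, .*, Cipher is ' || true)
  proto=$(printf '%s\n' "$line" | sed -E 's/^New, ([^,]+), Cipher is .*/\1/')
  cipher=$(printf '%s\n' "$line" | sed -E 's/.* Cipher is ([^ ]+).*/\1/')
  if [ -z "$line" ] || [ "$cipher" = "(NONE)" ]; then
    echo "NO-HANDSHAKE"; return 2
  fi
  if [ "$(tls_rank "$proto")" -lt "$(tls_rank "$min")" ]; then
    echo "FAIL protocol=$proto below minimum=$min"; return 1
  fi
  case " $ALLOWED_CIPHERS " in
    *" $cipher "*) echo "PASS protocol=$proto cipher=$cipher"; return 0 ;;
    *)             echo "FAIL cipher=$cipher not in allow-list"; return 1 ;;
  esac
}

# Live use (needs network; the hostname is the placeholder used on this page):
#   h=xxxxxxxxxx.map.azionedge.net
#   openssl s_client -connect "$h:443" -servername "$h" </dev/null 2>/dev/null | check_tls_session TLSv1.2
#   # Floor check: a client offering only TLS 1.1 should end in NO-HANDSHAKE.
#   openssl s_client -tls1_1 -connect "$h:443" -servername "$h" </dev/null 2>/dev/null | check_tls_session TLSv1.2
```

A local OpenSSL build with TLS 1.1 disabled also yields NO-HANDSHAKE on the floor check, so run that one from a client known to still offer TLS 1.1.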


