I have an Azure service fabric environment with no applications (clean environment).
I disabled TLS 1.0 / 1.1 in the 5 nodes of this cluster.
But when I scan using the SSL Lab, it shows that TLS 1.0 / 1.1 is still enabled.
I checked the old ticket in the community. It was mentioned that the OS-level configuration does not affect the application level configuration. What he means is that even if the OS-level configuration TLS 1.0 / 1.1 is disabled, the application or service is still can use its own configuration (enabled with TLS1.0/1.1), which may be the cause of inconsistent scan results.
To this end, I contacted the MS support team. The response from MS is that their service will not ignore the system-level settings, which means that the system-level setting is 1.0/1.1 disabled, then their service is disabled.
Therefore, I would like to know what the conditions for SSL Scanning definition 1.0/1.1 are enabled, or what other reasons would make SSL Scan 1.0/1.1 enabled.