AnsweredAssumed Answered

Conditions of SSL Scanning TLS 1.0 /1.1 enabled

Question asked by Catherine Li on Sep 22, 2019
Latest reply on Sep 22, 2019 by Nauman Akhtar Shah

I have an Azure service fabric environment with no applications (clean environment).

I disabled TLS 1.0 / 1.1 in the  5 nodes of this cluster.
But when I scan using the SSL Lab, it shows that TLS 1.0 / 1.1 is still enabled.

I checked the old ticket in the community. It was mentioned that the OS-level configuration does not affect the application level configuration. What he means is that even if the OS-level configuration TLS 1.0 / 1.1 is disabled, the application or service is still can use its own configuration (enabled with TLS1.0/1.1), which may be the cause of inconsistent scan results.


To this end, I contacted the MS support team. The response from MS is that their service will not ignore the system-level settings, which means that the system-level setting is 1.0/1.1 disabled, then their service is disabled.


Therefore, I would like to know what the conditions for SSL Scanning definition 1.0/1.1 are enabled, or what other reasons would make SSL Scan 1.0/1.1 enabled.