I had set minimumTlsVersion to 1.2 in azure service bus configuration. After Penetration or endpoint scanning on yournamespace.servicebus.windows.net. Service still supporting TLS 1.0 TLS 1.1.
and also weak cipher suits are enabled for TLS 1.2.
My azure functions use the .net6.0 target framework and I have applied security protocol at the application startup.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
How do I disable weak cipher suites for service bus and block any service bus requests that comes from TLS 1.0 , TLS 1.1 , TLS 1.2 ?
About TLS versions, this seems to be a limitation on the Azure Service Bus' current way of setting minimum TLS version.
I understand that the underlying limitation is that service bus instances are shared across many Azure Users, and so while they have a setting in place that can effectively prevent one namespace (that is to say, your particular bus) from using some TLS version, it does not mean another namespace on the same service bus would not support it.
In the end, they have to accept (upfront) many versions, and only after, once the actual namespace is resolved, do they enforce this namespace's version.
From https://learn.microsoft.com/en-us/azure/service-bus-messaging/transport-layer-security-enforce-minimum-version
So network checking tools report TLS 1.0 and 1.1 as being supported when Microsoft says they would eventually fail, only later than what the tools suggest.
The being said, I do not have an answer about setting the cipher suites.