Is it possible to configure Azure Web site SSL pro

Posted 2019-06-17 05:25

I want to be able to disable the TLS 1.0 protocol and the RC4 cipher on an Azure website (or Web App) and I can't figure out if it's possible or not. (edit: I am aware that SSL 3.0 is disabled by default on Azure websites but I specifically want to disable TLS 1.0)

I know what registry settings to update but the problem of course is that I don't have access to the OS.

There's the NWebsec startup tasks that allow you to configure web roles (or cloud service) but my understanding is that this solution does not apply to web apps.

Is there any workaround?

1 answer
姐就是有狂的资本
#2 · 2019-06-17 05:48

Update Jan 2017

Microsoft have completed a feature whereby TLS1.0 can be disabled via App Service Environment configuration. It's possible to set your own ciphers through the Azure resource manager or change the cipher suite order.

Details are available on the Custom configuration settings for App Service Environments page.

Original answer:

The original answer was that it is not possible to configure anything in the Registry or SSL settings in Azure web apps.

Microsoft are aware of PCI compliance changes and will update the host machines that the web apps run on in their own time frame. They announced in January 2015 that they would start making updates on 18th July 2015 that would result in an A grade for TLS/SSL endpoints for Azure web apps on sites like http://ssllabs.com

It's likely that this will be an on-going issue as computing power increases and more vulnerabilities are discovered and hosted web apps must rely on Microsoft to keep their servers patched and up-to-date in a timely manner.

This link has some more background information on the changes Microsoft are making: https://social.msdn.microsoft.com/Forums/azure/en-US/50f1ab33-c22a-4629-951e-b7510f6b2cbe/upgrading-tlsssl-cryptography-for-azure-web-apps?forum=windowsazurewebsitespreview

And this link also tracks the feature request that asks MS to disable insecure ciphers in Web apps: http://feedback.azure.com/forums/169385-web-apps-formerly-websites/suggestions/7091994-disable-insecure-ciphers-in-azure-websites?page=2&per_page=20

If registry access and specific control of these settings is a requirement, the Azure options are Cloud Service WebRoles or IaaS VMs.

Vote to get MS to disable TLS 1.0
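
Added example, not part of the original answer: a small Python check that reads an ARM template for an App Service Environment and reports whether TLS 1.0 is disabled and whether any RC4 suite appears in the cipher order. The `clusterSettings` names `DisableTls1.0` and `FrontEndSSLCipherSuiteOrder` are the ones used in Microsoft's documentation rather than on this page; the template, resource name and cipher list are constructed sample values.

```python
import json

# Constructed ARM template fragment for an App Service Environment.
# Setting names follow Microsoft's "Custom configuration settings for
# App Service Environments" documentation; all values are sample data.
SAMPLE_TEMPLATE = """
{
  "resources": [
    {
      "type": "Microsoft.Web/hostingEnvironments",
      "name": "example-ase",
      "properties": {
        "clusterSettings": [
          {"name": "DisableTls1.0", "value": "1"},
          {"name": "FrontEndSSLCipherSuiteOrder",
           "value": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_RC4_128_SHA"}
        ]
      }
    }
  ]
}
"""


def audit_ase_template(template_text):
    """Return findings about TLS 1.0 and RC4 for each ASE resource in the template."""
    findings = []
    for res in json.loads(template_text).get("resources", []):
        if res.get("type", "").lower() != "microsoft.web/hostingenvironments":
            continue  # only App Service Environments carry clusterSettings
        raw = (res.get("properties") or {}).get("clusterSettings") or []
        settings = {s.get("name"): s.get("value", "") for s in raw}
        name = res.get("name", "<unnamed>")
        if settings.get("DisableTls1.0") != "1":
            findings.append(f"{name}: TLS 1.0 is not disabled")
        order = settings.get("FrontEndSSLCipherSuiteOrder")
        if order is None:
            findings.append(f"{name}: no explicit cipher suite order (platform default applies)")
        else:
            for suite in (s.strip() for s in order.split(",")):
                if "RC4" in suite.upper():
                    findings.append(f"{name}: RC4 suite listed: {suite}")
    return findings


if __name__ == "__main__":
    for finding in audit_ase_template(SAMPLE_TEMPLATE):
        print(finding)
```
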
