We are about to go live with an Azure Website and, as a precaution, did a security scan on the IP address that has been allocated to us.
There were a number of low severity warnings listed which we're not too worried about; however, the scan did flag that something appears to be listening on ports 454 and 455, and supports TLS 1.0.
RESULTS:
Available non CBC cipher    Server's choice    SSL version
RC4-SHA                     DES-CBC3-SHA       TLSv1
Does anyone know what this is? I can't find it obviously listed anywhere. If it's not necessary, can I switch it off? And if it is necessary, can I set it to require a more secure protocol?
We're hosted in the "Australia East" datacentre, in case that's relevant.
UPDATE 1: I have deployed a C# MVC web app using .NET 4.5 and it currently includes 1 WebJob. I've bound 1 SHA256 SSL certificate using SNI SSL.
I have seen the "Set up deployment from source control" link on the dashboard, but haven't used it. We currently deploy using our own TeamCity instance via Web Deploy.
As Petr addressed in the comments to the question, these ports are used for internal communication by the Azure Web Apps.
As an update to this question, the Azure team has removed the RC4 cipher from port 443, and expects to have the RC4 cipher removed from ports 454 and 455 around the end of September 2015. If this item is coming up on your PCI compliance reports, it looks like it will be resolved soon.
This thread contains the updates from the Azure team: https://social.msdn.microsoft.com/Forums/azure/en-US/66d1fd5f-4384-4568-bf96-8a0b57033c07/azure-websites-port-454-and-455-insecure-ssl?forum=windowsazurewebsitespreview
UPDATE: The Azure team confirmed that this change was deployed in October 2015. Users are now reporting that their PCI scans are passing and are now not showing ports 454 and 455 to have RC4 available.
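To confirm on your own site what the scans report, the check can be reproduced by offering only RC4 suites in a TLS 1.0 ClientHello and seeing whether the server selects one. This is an added example, not part of the original answer or of any Azure tooling; the function names, the hello without SNI and the single recv() call are assumptions of this example.

```python
import os
import socket
import struct
import sys

# IANA IDs for TLS_RSA_WITH_RC4_128_MD5 and TLS_RSA_WITH_RC4_128_SHA
RC4_SUITES = {0x0004: "RC4-MD5", 0x0005: "RC4-SHA"}


def build_client_hello(version=(3, 1)):
    """Build a TLS 1.0 ClientHello record that offers only RC4 suites."""
    suites = b"".join(struct.pack("!H", s) for s in RC4_SUITES)
    body = (bytes(version) + os.urandom(32)       # client_version, random
            + b"\x00"                             # empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                        # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + struct.pack("!H", len(handshake)) + handshake


def parse_server_reply(data):
    """Classify the first record of the reply as (rc4_accepted, detail)."""
    if len(data) < 5:
        return False, "no TLS reply"
    rec_type, length = data[0], struct.unpack("!H", data[3:5])[0]
    payload = data[5:5 + length]
    if rec_type == 0x15 and len(payload) >= 2:    # alert: the offer was refused
        return False, "alert %d" % payload[1]
    if rec_type == 0x16 and len(payload) > 38 and payload[0] == 0x02:
        # ServerHello: 4-byte header, 2-byte version, 32-byte random,
        # then session id length, session id, and the selected suite.
        off = 39 + payload[38]
        if len(payload) >= off + 2:
            suite = struct.unpack("!H", payload[off:off + 2])[0]
            return suite in RC4_SUITES, RC4_SUITES.get(suite, "0x%04x" % suite)
    return False, "unexpected reply (record type %d)" % rec_type


def probe(host, port, timeout=5.0):
    """Send the RC4-only hello to host:port and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        return parse_server_reply(sock.recv(4096))


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python rc4_check.py <your-site-ip>
    for port in (443, 454, 455):
        print(port, probe(sys.argv[1], port))
```

A result of `(False, "alert 40")` (handshake_failure) on each port means the server refused the RC4-only offer.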