Skip to content

use-secure-tls-policy

Explanation

TLS versions prior to 1.2 are outdated and insecure. You should use 1.2 as aminimum version.

Possible Impact

Data in transit is not sufficiently secured

Suggested Resolution

Enforce a minimum TLS version of 1.2

Insecure Example

The following example will fail the google-compute-use-secure-tls-policy check.

resource "google_compute_ssl_policy" "bad_example" {
  name    = "production-ssl-policy"
  profile = "MODERN"
  min_tls_version = "TLS_1_1"
}

Secure Example

The following example will pass the google-compute-use-secure-tls-policy check.

resource "google_compute_ssl_policy" "good_example" {
  name    = "production-ssl-policy"
  profile = "MODERN"
  min_tls_version = "TLS_1_2"
}