Skip to content

use-secure-tls-policy

Default Severity: high

Explanation

Use a more recent TLS/SSL policy for the App Service

Possible Impact

The minimum TLS version for apps should be TLS1_2

Suggested Resolution

The TLS version being outdated and has known vulnerabilities

Insecure Example

The following example will fail the azure-appservice-use-secure-tls-policy check.

 resource "azurerm_app_service" "bad_example" {
   name                = "example-app-service"
   location            = azurerm_resource_group.example.location
   resource_group_name = azurerm_resource_group.example.name
   app_service_plan_id = azurerm_app_service_plan.example.id

   site_config {
      min_tls_version = "1.0"
   }
 }

Secure Example

The following example will pass the azure-appservice-use-secure-tls-policy check.

 resource "azurerm_app_service" "good_example" {
   name                = "example-app-service"
   location            = azurerm_resource_group.example.location
   resource_group_name = azurerm_resource_group.example.name
   app_service_plan_id = azurerm_app_service_plan.example.id
 }