use-secure-tls-policy
Default Severity: high
Explanation
Use a more recent TLS/SSL policy for the App Service
Possible Impact
The minimum TLS version for apps should be TLS1_2
Suggested Resolution
The TLS version being outdated and has known vulnerabilities
Insecure Example
The following example will fail the azure-appservice-use-secure-tls-policy check.
resource "azurerm_app_service" "bad_example" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
site_config {
min_tls_version = "1.0"
}
}
Secure Example
The following example will pass the azure-appservice-use-secure-tls-policy check.
resource "azurerm_app_service" "good_example" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
}