The minimum TLS version for Storage Accounts should be TLS1_2
Default Severity: critical
Explanation
Azure Storage currently supports three versions of the TLS protocol: 1.0, 1.1, and 1.2.
Azure Storage uses TLS 1.2 on public HTTPS endpoints, but TLS 1.0 and TLS 1.1 are still supported for backward compatibility.
This check will warn if the minimum TLS is not set to TLS1_2.
Possible Impact
The TLS version being outdated and has known vulnerabilities
Suggested Resolution
Use a more recent TLS/SSL policy for the load balancer
Insecure Example
The following example will fail the azure-storage-use-secure-tls-policy check.
resource "azurerm_storage_account" "bad_example" {
name = "storageaccountname"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
}
Secure Example
The following example will pass the azure-storage-use-secure-tls-policy check.
resource "azurerm_storage_account" "good_example" {
name = "storageaccountname"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
min_tls_version = "TLS1_2"
}