HIGH
Source
Trivy/CSPM
CSPM ID
tls-version-check
ID
AVD-AZU-0006

Web App uses latest TLS version

Use a more recent TLS/SSL policy for the App Service

Impact

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the Microsoft Azure Management Console.

  2. Find the search bar at the top and search for App Services. Step

  3. Select the “App Service” by clicking on “Name” to go to its configuration.Step

  4. Scroll down the selected “App Services” left navigation panel and under “Settings” click on the “TLS/SSL settings” option.Step

  5. On the “TLS/SSL settings” page select the Bindings tab, scroll down and under the “Protocol Settings” check the “Minimum TLS Version”. It’s recommended to use only latest version (1.2) of TLS.Step

  6. If the “App Service” is not using the latest version of the TLS then select 1.2 from the slider.Step

  7. Wait for the confirmation box to save changes.Step

  8. Repeat steps number 3 - 7 to verify all other “Apps” are using latest TLS version in the account.

The TLS version being outdated and has known vulnerabilities

1
2
3
4
5
6
resource "azurerm_app_service" "good_example" {
  name                = "example-app-service"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id
}