HIGH
Source: Trivy/CSPM
CSPM ID: tls-version-check
ID: AVD-AZU-0006

Web App uses latest TLS version

Use a more recent TLS/SSL policy for the App Service

Impact

The minimum TLS version for apps should be TLS1_2

Follow the appropriate remediation steps below to resolve the issue.

  1. Log into the Microsoft Azure Management Console.
  2. Select the “Search resources, services, and docs” option at the top and search for App Services.
  3. Select the “App Services” by clicking on the “Name” link to access the configuration changes.
  4. Scroll down the selected “App Services” navigation panel and in “Settings” click on the “TLS/SSL settings” option.
  5. On the “TLS/SSL settings” page, under the Protocol settings tab, scroll down and check the “Minimum TLS Version”. It is recommended to always use only the latest version of TLS/SSL.
  6. Repeat steps 2 - 5 to verify that other “Apps” in the account are using the latest TLS/SSL version.
  7. Navigate to the “App Services”, select the “App Service” and click on the “Name” as a link to access the configuration, then select the “TLS/SSL settings” under “Settings”.
  8. On the “TLS/SSL settings” page, scroll down and at the “Minimum TLS version” choose the latest version of TLS/SSL from the menu, then click on the “Save” button to make the changes.
  9. Repeat above steps to ensure the latest version of TLS/SSL is running on all App Services.

The TLS version is outdated and has known vulnerabilities.

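# site_config.min_tls_version is not overridden here, so the azurerm provider
# default of 1.2 applies to this app service.
resource "azurerm_app_service" "good_example" {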
  name                = "example-app-service"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id
}
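
The same requirement can be enforced before deployment by checking the output of `terraform show -json` on a saved plan for `azurerm_app_service` resources whose `site_config.min_tls_version` is below 1.2. This is an added example, not code from the original page or from Trivy; the function names and the sample plan are constructed, and treating an unset value as the provider default of 1.2 is an assumption.

```python
import json

# Resource type from the page's Terraform example; site_config.min_tls_version
# is the azurerm attribute behind the portal's "Minimum TLS version" setting.
RESOURCE_TYPE = "azurerm_app_service"
MIN_ALLOWED = (1, 2)  # TLS1_2, the minimum the page calls for


def _walk(module):
    """Yield every resource in a plan module, including nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)


def find_weak_tls(plan):
    """Return (address, version) for each app service pinned below TLS 1.2."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in _walk(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        # Blocks are rendered as lists in plan JSON. Assumption: a missing
        # block or value means the provider default (1.2) applies, so it passes.
        for block in (res.get("values") or {}).get("site_config") or []:
            version = block.get("min_tls_version")
            if version is not None and \
                    tuple(int(p) for p in str(version).split(".")) < MIN_ALLOWED:
                findings.append((res["address"], str(version)))
    return findings


# Constructed sample plan, trimmed to the fields the check reads.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_app_service.legacy", "type": "azurerm_app_service",
     "values": {"name": "legacy-app", "site_config": [{"min_tls_version": "1.0"}]}},
    {"address": "azurerm_app_service.good_example", "type": "azurerm_app_service",
     "values": {"name": "example-app-service"}}],
  "child_modules": [{"address": "module.web", "resources": [
    {"address": "module.web.azurerm_app_service.api", "type": "azurerm_app_service",
     "values": {"name": "api", "site_config": [{"min_tls_version": "1.1"}]}},
    {"address": "module.web.azurerm_app_service.ui", "type": "azurerm_app_service",
     "values": {"name": "ui", "site_config": [{"min_tls_version": "1.2"}]}}]}]}}}
""")

if __name__ == "__main__":
    for address, version in find_weak_tls(SAMPLE_PLAN):
        print(f"{address}: min_tls_version = {version} (below 1.2)")
```

A non-empty result can be used to fail the pipeline stage before `terraform apply` runs.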