MEDIUM
Source
Trivy
ID
AVD-AZU-0026

Databases should have the minimum TLS set for connections

You should not use outdated/insecure TLS versions for encryption. You should be using TLS v1.2+.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Use the most modern TLS policies available

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
resource "azurerm_mssql_server" "good_example" {
  name                         = "mssqlserver"
  resource_group_name          = azurerm_resource_group.example.name
  location                     = azurerm_resource_group.example.location
  version                      = "12.0"
  administrator_login          = "missadministrator"
  administrator_login_password = "thisIsKat11"
  minimum_tls_version          = "1.2"
}

resource "azurerm_postgresql_server" "good_example" {
  name = "bad_example"

  public_network_access_enabled    = true
  ssl_enforcement_enabled          = false
  ssl_minimal_tls_version_enforced = "TLS1_2"
}