CRITICAL
Source: Trivy
ID: AVD-AZU-0011

The minimum TLS version for Storage Accounts should be TLS1_2 or higher

Azure Storage supports four versions of the TLS protocol: 1.0, 1.1, 1.2, and 1.3. Azure Storage uses TLS 1.2 or TLS 1.3 on public HTTPS endpoints, while TLS 1.0 and TLS 1.1 are still supported for backward compatibility. This check will warn if the minimum TLS version is set lower than TLS1_2. TLS1_2 and TLS1_3 are both allowed.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Use a more recent TLS version for the storage account

# provider version > 5.0
resource "azurerm_storage_account" "good_example" {
  name                = "storageaccountname"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  min_tls_version     = "TLS1_3"
}

# provider version < 5.0
resource "azurerm_storage_account" "good_example" {
  name                = "storageaccountname"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  min_tls_version     = "TLS1_2"
}
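
The rule described above (warn when `min_tls_version` is set lower than TLS1_2, accept TLS1_2 and TLS1_3) applied to Terraform source text, as an added example that is not Trivy's own implementation. The `audit` function, its status strings and the sample resources are assumptions made here; a block that omits the attribute is reported as `unset` rather than judged, since its effective value depends on the provider default.

```python
import re

# Values the check description accepts; any other explicit value is flagged.
ALLOWED = {"TLS1_2", "TLS1_3"}
RESOURCE_RE = re.compile(r'resource\s+"azurerm_storage_account"\s+"([^"]+)"\s*\{')
# Anchored to line start so commented-out assignments are ignored.
MIN_TLS_RE = re.compile(r'^\s*min_tls_version\s*=\s*"([^"]*)"', re.MULTILINE)

# Constructed sample input (not from the page).
SAMPLE = '''
resource "azurerm_storage_account" "legacy" {
  min_tls_version = "TLS1_0"
}
resource "azurerm_storage_account" "current" {
  # min_tls_version = "TLS1_0"
  min_tls_version = "TLS1_2"
  network_rules {
    default_action = "Deny"
  }
}
resource "azurerm_storage_account" "implicit" {
  name = "implicitstore"
}
'''

def _block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in resource block")

def audit(hcl):
    """Map each storage account name to 'ok', 'weak:<value>' or 'unset'."""
    results = {}
    for m in RESOURCE_RE.finditer(hcl):
        tls = MIN_TLS_RE.search(_block_body(hcl, m.end() - 1))
        if tls is None:
            status = "unset"  # attribute absent: provider default applies, not resolved here
        else:
            status = "ok" if tls.group(1) in ALLOWED else "weak:" + tls.group(1)
        results[m.group(1)] = status
    return results

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The brace matching assumes braces inside strings and comments are balanced; a full HCL parser removes that assumption.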