Severity: CRITICAL
Source: Trivy
ID: AVD-AZU-0011

The minimum TLS version for Storage Accounts should be TLS1_2

Azure Storage currently supports three versions of the TLS protocol: 1.0, 1.1, and 1.2.

Azure Storage uses TLS 1.2 on public HTTPS endpoints, but TLS 1.0 and TLS 1.1 are still supported for backward compatibility.

This check will warn if the minimum TLS version is not set to TLS1_2.

Impact

The TLS version is outdated and has known vulnerabilities.

Follow the appropriate remediation steps below to resolve the issue.

Use a more recent TLS/SSL policy for the storage account

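resource "azurerm_storage_account" "good_example" {
  name                     = "storageaccountname"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  # Required by the azurerm provider; the values here are placeholders.
  account_tier             = "Standard"
  account_replication_type = "LRS"
  # Reject client connections that negotiate TLS 1.0 or TLS 1.1.
  min_tls_version          = "TLS1_2"
}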
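
An added example, not Trivy's own code: the same condition (minimum TLS version not set to TLS1_2) applied in Python to the `planned_values` section of `terraform show -json` output, including storage accounts declared in child modules. The sample plan and the resource names `legacy`, `module.logs` and `audit` are constructed for illustration.

```python
REQUIRED = "TLS1_2"  # the value this check expects

# Constructed sample, shaped like the "planned_values" part of
# `terraform show -json <planfile>` output (not real plan data).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "azurerm_storage_account.good_example",
         "type": "azurerm_storage_account",
         "values": {"min_tls_version": "TLS1_2"}},
        {"address": "azurerm_storage_account.legacy",
         "type": "azurerm_storage_account",
         "values": {"min_tls_version": "TLS1_0"}},
    ],
    "child_modules": [{
        "address": "module.logs",
        "resources": [
            {"address": "module.logs.azurerm_storage_account.audit",
             "type": "azurerm_storage_account",
             "values": {}},  # attribute absent from the plan
        ],
    }],
}}}


def walk_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)


def find_weak_tls(plan):
    """Return (address, value) for storage accounts not set to TLS1_2."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in walk_resources(root):
        if res.get("type") != "azurerm_storage_account":
            continue
        value = (res.get("values") or {}).get("min_tls_version")
        if value != REQUIRED:  # a missing attribute is reported as None
            findings.append((res["address"], value))
    return findings


if __name__ == "__main__":
    for address, value in find_weak_tls(SAMPLE_PLAN):
        print(f"{address}: min_tls_version={value!r}, expected {REQUIRED!r}")
```

To run it against a real plan, pass `find_weak_tls` the dictionary obtained by parsing the `terraform show -json` output with `json.load`.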