Ensure Azure App's service slot uses the latest version of TLS encryption
Error: Azure App's service slot does not use the latest version of TLS encryption
Bridgecrew Policy ID: BC_AZR_NETWORKING_51
Checkov Check ID: CKV_AZURE_154
Severity: LOW
Description
The Transport Layer Security (TLS) protocol secures data in transit between servers and web browsers over the Internet using standard encryption technology. To follow security best practices and the latest PCI compliance standards, enable the latest version of the TLS protocol (i.e. TLS 1.2) for all your App Service slots.
Fix - Runtime
Fix - Buildtime
Terraform
- Resource: azurerm_app_service_slot
- Argument: min_tls_version
resource "azurerm_app_service_slot" "pass2" {
  name                = "ted"
  app_service_name    = azurerm_app_service.example.name
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id
  https_only          = false # the default

  site_config {
    dotnet_framework_version = "v4.0"
    min_tls_version          = "1.2" # the default is 1.2
    remote_debugging_enabled = true  # default is false
  }

  app_settings = {
    "SOME_KEY" = "some-value"
  }

  connection_string {
    name  = "Database"
    type  = "SQLServer"
    value = "Server=some-server.mydomain.com;Integrated Security=SSPI"
  }
}
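The same requirement can be checked against a rendered plan before apply. The script below is an added example, not Checkov's or Bridgecrew's own code: it walks the `planned_values` section of `terraform show -json` output, including child modules, and reports every `azurerm_app_service_slot` whose `min_tls_version` is below 1.2. The sample plan, the resource addresses and the function names are constructed for illustration, and an unset value is assumed to fall back to the 1.2 default noted in the snippet above.

```python
import json
import sys

RESOURCE_TYPE = "azurerm_app_service_slot"
REQUIRED = (1, 2)  # TLS 1.2, the version this policy asks for

def _slot(address, site_config):
    """Build one constructed plan entry (helper for the sample only)."""
    return {"address": address, "type": RESOURCE_TYPE,
            "values": {"site_config": site_config}}

# Constructed sample, shaped like the planned_values part of `terraform show -json`.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _slot("azurerm_app_service_slot.pass2", [{"min_tls_version": "1.2"}]),
        _slot("azurerm_app_service_slot.legacy", [{"min_tls_version": "1.0"}]),
        _slot("azurerm_app_service_slot.unset", [{}]),
    ],
    "child_modules": [{"resources": [
        _slot("module.web.azurerm_app_service_slot.blue", [{"min_tls_version": "1.1"}]),
    ]}],
}}}

def _walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)

def weak_tls_slots(plan):
    """Return (address, min_tls_version) for each slot planned below TLS 1.2."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in _walk(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        blocks = res.get("values", {}).get("site_config") or []
        value = blocks[0].get("min_tls_version") if blocks else None
        if value is None:
            continue  # assumption: unset falls back to the 1.2 default noted on the page
        try:
            too_old = tuple(int(p) for p in str(value).split(".")) < REQUIRED
        except ValueError:
            too_old = True  # unparsable value: report it rather than pass it silently
        if too_old:
            findings.append((res["address"], str(value)))
    return findings

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, value in weak_tls_slots(plan):
        print(f"FAIL {address}: min_tls_version = {value}")
```

Run it with a path to a JSON plan file as the only argument to check a real plan; with no argument it evaluates the constructed sample.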