Ensure Azure Function app uses the latest version of TLS encryption

Error: Azure Function app does not use the latest version of TLS encryption

Bridgecrew Policy ID: BC_AZR_NETWORKING_55
Checkov Check ID: CKV_AZURE_145
Severity: LOW

Description

The Transport Layer Security (TLS) protocol uses standard encryption technology to secure data transmitted between servers and web browsers over the Internet. To follow security best practices and the latest PCI compliance standards, enable the latest version of the TLS protocol (i.e. TLS 1.2) for all your Azure Function apps.

Fix - Runtime

Fix - Buildtime

Terraform

  • Resource: azurerm_function_app
  • Argument: site_config.min_tls_version

resource "azurerm_function_app" "pass2" {
  name                       = "test-azure-functions"
  location                   = azurerm_resource_group.example.location
  resource_group_name        = azurerm_resource_group.example.name
  app_service_plan_id        = azurerm_app_service_plan.example.id
  storage_account_name       = azurerm_storage_account.example.name
  storage_account_access_key = azurerm_storage_account.example.primary_access_key
  https_only                 = false

  site_config {
    dotnet_framework_version = "v4.0"
    scm_type                 = "LocalGit"
    # The argument this check evaluates; the provider expects a string.
    min_tls_version          = "1.2"
    ftps_state               = "AllAllowed"
    http2_enabled            = false
    cors {
      allowed_origins = ["*"]
    }
  }
}
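The same requirement can be checked against a rendered plan before apply. The following is an added example, not Checkov's or Bridgecrew's implementation: it walks the JSON produced by `terraform show -json` and reports every `azurerm_function_app` whose `site_config.min_tls_version` is below 1.2. The function names, the status strings and the sample plan are constructed for illustration, and reporting an unset value separately (rather than passing or failing it) is an assumption.

```python
import json

MIN_TLS = (1, 2)  # the page's required minimum, TLS 1.2

def _resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _resources(child)

def _version(value):
    """Turn "1.2" or 1.2 into (1, 2); return None if it is not a version."""
    try:
        major, minor = str(value).split(".")
        return int(major), int(minor)
    except ValueError:
        return None

def audit_plan(plan):
    """Return (address, status) for each function app not pinned to TLS >= 1.2."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in _resources(root):
        if res.get("type") != "azurerm_function_app":
            continue
        blocks = res.get("values", {}).get("site_config") or [{}]
        raw = blocks[0].get("min_tls_version")
        if raw is None:
            findings.append((res["address"], "unset"))  # assumption: left to the caller
        elif (_version(raw) or (0, 0)) < MIN_TLS:
            findings.append((res["address"], f"weak:{raw}"))
    return findings

# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_function_app.pass2", "type": "azurerm_function_app",
     "values": {"site_config": [{"min_tls_version": "1.2"}]}},
    {"address": "azurerm_function_app.legacy", "type": "azurerm_function_app",
     "values": {"site_config": [{"min_tls_version": "1.0"}]}}],
  "child_modules": [{"resources": [
    {"address": "module.api.azurerm_function_app.worker", "type": "azurerm_function_app",
     "values": {"site_config": [{"ftps_state": "AllAllowed"}]}}]}]}}}
""")

if __name__ == "__main__":
    for address, status in audit_plan(SAMPLE_PLAN):
        print(f"{address}: {status}")
```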