App Service web apps should have ‘Minimum TLS Version’ set to ‘1.2’
Description
The Transport Layer Security (TLS) protocol secures the transmission of data over the internet using standard encryption technology. Web apps should be configured to use the latest version of TLS. App Service allows TLS 1.2 by default, which is the TLS level recommended by industry standards.
Remediation Steps
Azure Portal
Navigate to App Services.
In the left navigation, select TLS/SSL settings.
In Minimum TLS Version, select 1.2.
Azure CLI
To set the minimum TLS version to 1.2:
az webapp config set --resource-group MyResourceGroup \
    --name MyResourceName \
    --min-tls-version 1.2
Azure Resource Manager
Ensure that a Microsoft.Web/sites or Microsoft.Web/sites/config resource contains the following:
For Microsoft.Web/sites:
{
    "properties": {
        "siteConfig": {
            "minTlsVersion": "1.2"
        }
    }
}
For Microsoft.Web/sites/config:
{
    "properties": {
        "minTlsVersion": "1.2"
    }
}
Example Configuration
For Microsoft.Web/sites:
{
    "type": "Microsoft.Web/sites",
    "apiVersion": "2021-02-01",
    // other required fields here
    "properties": {
        "siteConfig": {
            "minTlsVersion": "1.2"
        }
    }
}
For Microsoft.Web/sites/config:
{
    "type": "Microsoft.Web/sites/config",
    "apiVersion": "2021-02-01",
    "name": "web",
    // other required fields here
    "properties": {
        "minTlsVersion": "1.2"
    }
}
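The two property paths above can be checked mechanically before a template is deployed. The following Python script is an added example, not part of the original page or of any Azure tooling: it walks a template's resources, including child resources nested under a site, and classifies each minTlsVersion value. The function names, status labels and sample template are constructed for illustration.

```python
import json

REQUIRED = (1, 2)  # minimum TLS version this rule requires

def status(value):
    """Classify a minTlsVersion value: ok, weak, unset, unresolved or invalid."""
    if value is None:
        return "unset"
    if str(value).startswith("["):
        return "unresolved"  # ARM template expression; value known only at deploy time
    try:
        parsed = tuple(int(p) for p in str(value).split("."))
    except ValueError:
        return "invalid"
    return "ok" if parsed >= REQUIRED else "weak"

def audit(resources, parent_type=""):
    """Return (type, name, status) for each site and each sites/config 'web' resource."""
    findings = []
    for res in resources:
        rtype, name = res.get("type", ""), str(res.get("name", ""))
        # A child nested under its parent uses a short type such as "config".
        full = f"{parent_type}/{rtype}" if parent_type and "/" not in rtype else rtype
        props = res.get("properties") or {}
        if full.lower() == "microsoft.web/sites":
            value = (props.get("siteConfig") or {}).get("minTlsVersion")
            findings.append((full, name, status(value)))
        elif full.lower() == "microsoft.web/sites/config":
            # Only the "web" config carries minTlsVersion; the name may be
            # "site/web" or an expression ending in "/web')]".
            if name.rstrip("')]").split("/")[-1].lower() == "web":
                findings.append((full, name, status(props.get("minTlsVersion"))))
        findings.extend(audit(res.get("resources") or [], full))
    return findings

# Constructed sample template (not from the page).
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.Web/sites", "name": "app-a",
   "properties": {"siteConfig": {"minTlsVersion": "1.2"}}},
  {"type": "Microsoft.Web/sites", "name": "app-b", "properties": {},
   "resources": [{"type": "config", "name": "web",
                  "properties": {"minTlsVersion": "1.0"}}]},
  {"type": "Microsoft.Web/sites/config", "name": "app-c/web",
   "properties": {"minTlsVersion": "[parameters('minTls')]"}},
  {"type": "Microsoft.Storage/storageAccounts", "name": "logs", "properties": {}}
]}
""")

if __name__ == "__main__":
    for finding in audit(SAMPLE["resources"]):
        print(*finding)
```

A site reported as "unset" does not pin the value in its own siteConfig, so check whether a matching Microsoft.Web/sites/config resource sets it; "unresolved" values have to be checked against the parameters supplied at deployment.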
Terraform
Ensure that the azurerm_app_service min_tls_version field is set to 1.2 within the site_config block.
Example Configuration
resource "azurerm_app_service" "example" {
  site_config {
    min_tls_version = "1.2"
  }
  # other required fields here
}