Description
Using the latest version of TLS helps protect data in transit from man-in-the-middle and similar attacks.
Remediation
In Azure Console -
- Open the Azure Portal and go to Function App.
- Choose the Function App you wish to edit.
- Under Settings, select TLS/SSL Settings.
- Under Protocol Settings, set Minimum TLS Version to 1.2.
In Terraform -
For Azure Provider versions prior to v4.x (where the azurerm_function_app resource is deprecated in favor of the azurerm_linux_function_app and azurerm_windows_function_app resources):
- In the azurerm_function_app resource, set min_tls_version to 1.2.
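A pre-apply check for this setting, added here as an example (it is not part of the original policy page or of the provider): it walks the JSON produced by `terraform show -json` and reports the minimum TLS version of every Function App, reading the attribute from the resource's site_config block. The plan data is a constructed sample, and covering azurerm_linux_function_app and azurerm_windows_function_app through their minimum_tls_version attribute goes beyond the resource this page names.

```python
# site_config attribute that holds the minimum TLS version, per resource type.
# azurerm_function_app is the resource this rule names; the other two entries
# are an added generalization to its replacement resources.
TLS_ATTR = {
    "azurerm_function_app": "min_tls_version",
    "azurerm_linux_function_app": "minimum_tls_version",
    "azurerm_windows_function_app": "minimum_tls_version",
}
REQUIRED = (1, 2)

def resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from resources(child)

def check_plan(plan):
    """Return (address, configured value, verdict) for each Function App."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in resources(root):
        attr = TLS_ATTR.get(res.get("type"))
        if attr is None:
            continue  # not a Function App resource
        blocks = res.get("values", {}).get("site_config") or [{}]
        value = blocks[0].get(attr)
        if value is None:
            verdict = "UNSET"  # absent from planned values: review manually
        elif tuple(int(p) for p in str(value).split(".")) < REQUIRED:
            verdict = "FAIL"   # "1.0" or "1.1"
        else:
            verdict = "PASS"
        findings.append((res["address"], value, verdict))
    return findings

# Constructed sample, shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "azurerm_function_app.legacy", "type": "azurerm_function_app",
         "values": {"site_config": [{"min_tls_version": "1.0"}]}},
        {"address": "azurerm_storage_account.sa", "type": "azurerm_storage_account",
         "values": {}},
    ],
    "child_modules": [{"address": "module.api", "resources": [
        {"address": "module.api.azurerm_function_app.ok", "type": "azurerm_function_app",
         "values": {"site_config": [{"min_tls_version": "1.2"}]}},
        {"address": "module.api.azurerm_function_app.unset", "type": "azurerm_function_app",
         "values": {"site_config": []}},
    ]}],
}}}

if __name__ == "__main__":
    for finding in check_plan(SAMPLE_PLAN):
        print(*finding)
```

In a pipeline, a non-empty set of FAIL verdicts would block the apply, while UNSET entries need a look at the provider default for the version in use.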
References:
https://learn.microsoft.com/en-us/azure/azure-functions/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#min_tls_version
Policy Details
Rule Reference ID: AC_AZURE_0177
CSP: Azure
Remediation Available: Yes
Domain: Infrastructure Security
Resource: azurerm_function_app
Resource Category: Serverless
Resource Type: Function App