Ensure latest TLS version is in use for Azure Function App

MEDIUM

Description

Using the latest version of TLS helps protect data in transit from man-in-the-middle and similar attacks.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Function App.
  2. Choose the Function App you wish to edit.
  3. Under Settings, select TLS/SSL Settings.
  4. Under Protocol Settings, set Minimum TLS Version to 1.2.

In Terraform -
For Azure provider (azurerm) versions prior to v4.x, using the azurerm_function_app resource (deprecated in favor of the azurerm_linux_function_app and azurerm_windows_function_app resources):

  1. In the azurerm_function_app resource, set min_tls_version to 1.2.
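One way to check this setting before deployment is to scan the JSON form of a Terraform plan (`terraform show -json`) for Function Apps whose minimum TLS version is below 1.2. This is an added example, not code from the policy page or its vendor; the function names and the sample plan are constructed for illustration. It goes beyond the page by also covering the replacement resources, whose attribute is `minimum_tls_version`.

```python
import json

# site_config attribute holding the minimum TLS version, per resource type. The
# two non-legacy types go beyond the page's azurerm_function_app remediation.
TLS_ATTR = {
    "azurerm_function_app": "min_tls_version",
    "azurerm_linux_function_app": "minimum_tls_version",
    "azurerm_windows_function_app": "minimum_tls_version",
}
REQUIRED = (1, 2)

def _walk(module):
    """Yield every resource in a module and its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)

def weak_tls_function_apps(plan):
    """Return (address, version) for Function Apps set below TLS 1.2."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in _walk(root):
        attr = TLS_ATTR.get(res.get("type"))
        if attr is None:
            continue
        # Nested blocks such as site_config are rendered as lists of objects.
        for block in res.get("values", {}).get("site_config") or []:
            version = block.get(attr)
            if version is None:
                continue  # unset: left to the provider default, not flagged
            if tuple(int(p) for p in str(version).split(".")) < REQUIRED:
                findings.append((res["address"], str(version)))
    return findings

# Constructed sample, shaped like `terraform show -json` plan output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_function_app.legacy", "type": "azurerm_function_app",
     "values": {"site_config": [{"min_tls_version": "1.0"}]}},
    {"address": "azurerm_function_app.ok", "type": "azurerm_function_app",
     "values": {"site_config": [{"min_tls_version": "1.2"}]}}],
  "child_modules": [{"resources": [
    {"address": "module.api.azurerm_linux_function_app.fn",
     "type": "azurerm_linux_function_app",
     "values": {"site_config": [{"minimum_tls_version": "1.1"}]}}]}]}}}
""")

if __name__ == "__main__":
    print(weak_tls_function_apps(SAMPLE_PLAN))
```

Resources that leave the attribute unset are skipped rather than flagged, so an explicit value is needed in the configuration for this check to confirm compliance.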

References:
https://learn.microsoft.com/en-us/azure/azure-functions/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#min_tls_version

Policy Details

Rule Reference ID: AC_AZURE_0177
CSP: Azure
Remediation Available: Yes
Resource Category: Serverless
Resource Type: Function App

Frameworks