Ensure latest TLS version is used for Google Compute SSL Policy

MEDIUM

Description

Using the latest version of TLS can help protect data in transit from man-in-the-middle and similar attacks.

Remediation

In GCP Console -

  1. Open the SSL policies page.
  2. Select the name of the policy to edit.
  3. Click Edit.
  4. Click the Minimum TLS version dropdown and choose TLS 1.2.
  5. Click Save.

In Terraform -

  1. In the google_compute_ssl_policy resource, ensure that the min_tls_version attribute is set to TLS_1_2.
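
One way to verify the Terraform remediation before apply, as an added example that is not the rule engine's own code: the script walks the JSON produced by `terraform show -json <planfile>` and reports every google_compute_ssl_policy whose min_tls_version is not TLS_1_2. The sample plan is constructed, and treating an omitted attribute as TLS_1_0 assumes the Google provider's documented default.

```python
import json

RESOURCE_TYPE = "google_compute_ssl_policy"
REQUIRED_MIN = "TLS_1_2"      # value the rule on this page requires
PROVIDER_DEFAULT = "TLS_1_0"  # assumed provider default when the attribute is omitted

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "google_compute_ssl_policy.legacy",
     "type": "google_compute_ssl_policy",
     "values": {"name": "legacy", "min_tls_version": "TLS_1_0"}},
    {"address": "google_compute_ssl_policy.modern",
     "type": "google_compute_ssl_policy",
     "values": {"name": "modern", "min_tls_version": "TLS_1_2"}},
    {"address": "google_compute_instance.vm",
     "type": "google_compute_instance",
     "values": {"name": "vm"}}
  ],
  "child_modules": [{"address": "module.lb", "resources": [
    {"address": "module.lb.google_compute_ssl_policy.unset",
     "type": "google_compute_ssl_policy",
     "values": {"name": "unset"}}
  ]}]
}}}
""")

def iter_resources(module):
    """Yield resources from a module and, recursively, from its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_weak_ssl_policies(plan):
    """Return (address, min_tls_version) for each SSL policy not set to TLS_1_2."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        version = (res.get("values") or {}).get("min_tls_version") or PROVIDER_DEFAULT
        if version != REQUIRED_MIN:
            findings.append((res["address"], version))
    return findings

if __name__ == "__main__":
    for address, version in find_weak_ssl_policies(SAMPLE_PLAN):
        print(f"FAIL {address}: min_tls_version={version}, expected {REQUIRED_MIN}")
```

Policies declared inside modules are reported too, which a check limited to the root module would miss.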

References:
https://cloud.google.com/load-balancing/docs/use-ssl-policies
https://registry.terraform.io/providers/hashicorp/google/4.50.0/docs/resources/compute_region_policy#min_tls_version

Policy Details

Rule Reference ID: AC_GCP_0034
CSP: GCP
Remediation Available: Yes
Resource Category: Compute
Resource Type: Virtual Machine

Frameworks