azure-storage-use-secure-tls-policy.md

Pattern: Use of insecure TLS/SSL policy for Azure storage

Issue: -

Description

Azure Storage currently supports three versions of the TLS protocol: 1.0, 1.1, and 1.2.

Azure Storage uses TLS 1.2 on public HTTPS endpoints, but TLS 1.0 and TLS 1.1 are still supported for backward compatibility.

This check will warn if the storage account's minimum TLS version (`min_tls_version`) is not set to TLS1_2.

Resolution: Use a more recent TLS/SSL policy for the storage account by setting `min_tls_version` to TLS1_2.

Examples

Example of incorrect code:

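```hcl
resource "azurerm_storage_account" "bad_example" {
  name                     = "storageaccountname"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard" # required by the resource
  account_replication_type = "LRS"      # required by the resource
  # min_tls_version is not set, so the check warns
}
```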

Example of correct code:

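```hcl
resource "azurerm_storage_account" "good_example" {
  name                     = "storageaccountname"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard" # required by the resource
  account_replication_type = "LRS"      # required by the resource
  min_tls_version          = "TLS1_2"   # reject TLS 1.0 and TLS 1.1 clients
}
```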