App Services

Insecure TLS Version Supported

Risk Level: Medium

Description  

This plugin ensures that all web apps are using the latest version of TLS. App Services currently allows web apps to use TLS versions 1.0, 1.1 and 1.2. Newer versions of the TLS protocol bring not only improved features but also security patches for weaknesses that existed in previous versions. It is highly recommended to use TLS 1.2, the latest version, for web app TLS connections.

Configuration Parameter

Minimum TLS Version: This parameter denotes the TLS version that should be set for all App Services. App Services currently allows web apps to use TLS versions 1.0, 1.1 and 1.2. Newer versions of the TLS protocol bring not only improved features but also security patches for weaknesses that existed in previous versions. An alert will be generated if the TLS version is outdated.

By default the value is set to 1.2; therefore, any older version of TLS will be reported as a vulnerability.

About the Service

App Services: Azure App Services hosts web applications, REST APIs and backend services for mobile and web applications. Hosting web apps on Azure lets users focus on managing the application and its data.

Impact

Newer versions of the TLS protocol bring not only improved features but also security patches for weaknesses that existed in previous versions. Selecting an older version of the protocol will not only hamper the speed of your services but also leave them without various security advancements needed to deal with evolving threats.

Steps to Reproduce

  1. Log in to the Azure portal.
  2. Click on App Services.
  3. Select an App Service plan from the listed apps.
  4. Click on TLS/SSL settings under Settings.
  5. See if the Minimum TLS version is set to the maximum version available. If not, follow the Steps for Remediation section given at the bottom of the page.
  6. Repeat the process from step 3 and check for this issue in the next applications as well.

Steps for Remediation

  1. Log in to the Azure portal.
  2. Click on App Services.
  3. Select an App Service plan from the listed apps.
  4. Click on TLS/SSL settings under Settings.
  5. Click on the maximum version available in front of the Minimum TLS version and you are all set.
  6. Repeat the steps for the rest of the applications as well where the TLS version is not set to the latest.
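
The check and the remediation above can also be scripted instead of repeated per app in the portal. The following is an added example, not PingSafe's own code: it assumes the Azure CLI is installed and logged in, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit Minimum TLS version across web apps with the Azure CLI.
# Assumes `az login` has been run; function names are hypothetical.

REQUIRED="1.2"          # threshold the page gives as the plugin default
TAB=$(printf '\t')

# Succeeds (0) when version $1 is older than $2, or is unset/unparseable.
tls_older_than() {
  case "$1" in
    ''|*[!0-9.]*|*.*.*|.*|*.) return 0 ;;   # flag anything we cannot parse
    *.*) ;;
    *) return 0 ;;
  esac
  hmaj=${1%%.*}; hmin=${1#*.}
  wmaj=${2%%.*}; wmin=${2#*.}
  [ "$hmaj" -lt "$wmaj" ] || { [ "$hmaj" -eq "$wmaj" ] && [ "$hmin" -lt "$wmin" ]; }
}

# stdin: "resourceGroup<TAB>name<TAB>minTls" lines; stdout: non-compliant ones.
flag_outdated() {
  while IFS="$TAB" read -r rg name tls; do
    if tls_older_than "$tls" "$REQUIRED"; then
      printf '%s\t%s\t%s\n' "$rg" "$name" "${tls:-unset}"
    fi
  done
}

# Emit one line per web app in the current subscription.
list_min_tls() {
  az webapp list --query '[].[resourceGroup, name]' -o tsv |
  while IFS="$TAB" read -r rg name; do
    tls=$(az webapp config show -g "$rg" -n "$name" \
            --query minTlsVersion -o tsv </dev/null)
    printf '%s\t%s\t%s\n' "$rg" "$name" "$tls"
  done
}

# Raise the minimum to REQUIRED for every app listed on stdin.
remediate() {
  while IFS="$TAB" read -r rg name rest; do
    az webapp config set -g "$rg" -n "$name" \
      --min-tls-version "$REQUIRED" </dev/null >/dev/null
  done
}

# Audit only:      list_min_tls | flag_outdated
# Audit and fix:   list_min_tls | flag_outdated | remediate
```

Run the audit-only pipeline first and review the flagged apps before piping into `remediate`, since clients that only speak TLS 1.0 or 1.1 will no longer be able to connect afterwards.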

Please feel free to reach out to support@pingsafe.com with any questions that you may have.

Thanks

PingSafe Support