Risk Level: High
Cloud Entity: Azure functions
CloudGuard Rule ID: D9.AZU.CRY.25
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

FunctionApp should have config.minTlsVersions.value='1.2'

REMEDIATION

From Portal

Sign on to Azure portal and navigate to 'Function App'
Click on the name of the Function App service web you want to examine
In the navigation panel, under Settings, select 'TLS/SSL settings'
In the 'Minimum TLS Version' toggle select 1.2

From TF
Set the 'min_tls_version' argument to 'true':

resource 'azurerm_function_app' 'example' {
	..
	min_tls_version = 1.2
	..
}

Note: By default min_tls_version is set to 1.2 for new function apps

From Command Line
Run

az functionapp config set --resource-group RESOURCEGROUPNAME --name FUNCTIONAPPNAME --min-tls-version 1.2

References

Azure functions

Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running.

Compliance Frameworks

AZU PCI-DSS 4.0
Azure CSA CCM v.4.0.1
Azure CloudGuard Best Practices
Azure HITRUST v9.5.0
Azure ITSG-33
Azure NIST 800-53 Rev 5
Azure Security Risk Management
CloudGuard Azure All Rules Ruleset
Microsoft Cloud Security Benchmark