Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server
Ensure TLS version on MySQL flexible servers is set to the default value
Risk Level: High
Cloud Entity: My SQL DB Flexible Server
CloudGuard Rule ID: D9.AZU.CRY.33
Covered by Spectral: Yes
Category: Database
GSL LOGIC
MySQLDBFlexibleServer should have parameters with [ name='tls_version' and value='TLSv1.2' ]
REMEDIATION
From Portal
- Log in to the Azure Portal at https://portal.azure.com
- Go to Azure Database for MySQL flexible servers
- For each database, click on Server parameters under Settings
- In the search box, type in tls_version
- Click on the VALUE dropdown, and ensure only TLSV1.2 is selected for tls_version
From TF
Set 'ssl_enforcement_enabled' to 'true' and enforce TLS 1.2 as the minimum version:
resource "azurerm_mysql_server" "example" {
  # ...
  ssl_enforcement_enabled          = true
  ssl_minimal_tls_version_enforced = "TLS1_2"
  # ...
}
From Command Line
Run
az mysql flexible-server parameter set --name tls_version --resource-group RESOURCEGROUPNAME --server-name SERVERNAME --value TLSV1.2
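An added example, not part of the CloudGuard rule or the Azure documentation: a shell audit that applies the rule's check (tls_version equal to TLSv1.2) to every flexible server in the current subscription. The function names, the case-insensitive comparison and the sample rows are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit tls_version across MySQL flexible servers.
TAB=$(printf '\t')

# Succeeds only when the value is exactly TLSv1.2, as the rule requires.
# Assumption: compare case-insensitively (the page writes TLSv1.2 and TLSV1.2).
tls_value_compliant() {
  v=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d '[:space:]')
  [ "$v" = "tlsv1.2" ]
}

# Reads "resource-group<TAB>server<TAB>value" lines on stdin, prints one
# PASS/FAIL line per server, and returns 1 if any server fails.
audit_tls_report() {
  failed=0
  while IFS="$TAB" read -r rg name value; do
    [ -n "$name" ] || continue
    if tls_value_compliant "$value"; then
      printf 'PASS\t%s/%s\t%s\n' "$rg" "$name" "$value"
    else
      printf 'FAIL\t%s/%s\t%s\n' "$rg" "$name" "${value:-<unset>}"
      failed=1
    fi
  done
  return "$failed"
}

# Live input: list every flexible server, then read its tls_version parameter.
collect_tls_versions() {
  az mysql flexible-server list --query '[].[resourceGroup, name]' -o tsv |
  while IFS="$TAB" read -r rg name; do
    # </dev/null keeps az from consuming the server list on stdin.
    value=$(az mysql flexible-server parameter show --name tls_version \
      --resource-group "$rg" --server-name "$name" --query value -o tsv </dev/null)
    printf '%s\t%s\t%s\n' "$rg" "$name" "$value"
  done
}

# Constructed sample rows (not real servers). For a live audit, run:
#   collect_tls_versions | audit_tls_report
printf 'rg-prod\tmysql-orders\tTLSv1.2\nrg-dev\tmysql-test\tTLSv1,TLSv1.1,TLSv1.2\n' |
  audit_tls_report || echo "Non-compliant servers found"
```

The non-zero return from audit_tls_report lets the audit fail a scheduled job or pipeline step when any server allows a value other than TLSv1.2.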
References
- https://docs.microsoft.com/en-us/azure/mysql/concepts-ssl-connection-security
- https://docs.microsoft.com/en-us/cli/azure/mysql/flexible-server/parameter?view=azure-cli-latest#az-mysql-flexible-server-parameter-set
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_server#ssl_minimal_tls_version_enforced
My SQL DB Flexible Server
Azure Database for MySQL Flexible Server is a fully managed, production-ready database service designed for more granular control and flexibility over database management functions and configuration settings. The flexible server architecture allows users to opt for high availability within a single availability zone or across multiple availability zones.
Compliance Frameworks
- AZU PCI-DSS 4.0
- Azure CIS Foundations v. 1.4.0
- Azure CIS Foundations v. 1.5.0
- Azure CIS Foundations v.2.0
- Azure CloudGuard Best Practices
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset