Application Gateways use a minimum TLS 1.2
Security · Application Gateway · 2020_06
Application Gateway should only accept a minimum of TLS 1.2.
Description
Application Gateway should only accept a minimum of TLS 1.2 to ensure secure connections.
Recommendation
Consider configuring Application Gateway to accept a minimum of TLS 1.2.
Configure with Azure template
To deploy Application Gateways that pass this rule:
- Set the `properties.sslPolicy.minProtocolVersion` property to `TLSv1_2`.
For example:
Azure Template snippet
```json
{
  "type": "Microsoft.Network/applicationGateways",
  "apiVersion": "2020-11-01",
  "name": "appGw-001",
  "location": "[resourceGroup().location]",
  "properties": {
    "sku": {
      "name": "WAF_v2",
      "tier": "WAF_v2"
    },
    "sslPolicy": {
      "minProtocolVersion": "TLSv1_2"
    }
  }
}
```
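To check existing templates before deployment, the following added example (not part of the original page or of any Azure tooling) scans an ARM template for Application Gateways whose `properties.sslPolicy.minProtocolVersion` is missing, unparseable, or below TLS 1.2. The sample template, the names `appGw-old`, `appGw-unset` and `stg001`, and the choice to treat an unset property as a failure are assumptions made for illustration; it evaluates only the property this page describes.

```python
import json
import re

APPGW_TYPE = "Microsoft.Network/applicationGateways"

# Constructed sample template (not from the page): one gateway matching the
# snippet above, one with an older minimum, and one with no sslPolicy at all.
SAMPLE_TEMPLATE = json.dumps({
    "resources": [
        {"type": APPGW_TYPE, "name": "appGw-001",
         "properties": {"sslPolicy": {"minProtocolVersion": "TLSv1_2"}}},
        {"type": APPGW_TYPE, "name": "appGw-old",
         "properties": {"sslPolicy": {"minProtocolVersion": "TLSv1_0"}}},
        {"type": APPGW_TYPE, "name": "appGw-unset", "properties": {}},
        {"type": "Microsoft.Storage/storageAccounts", "name": "stg001"},
    ]
})


def tls_version(value):
    """Parse a value such as 'TLSv1_2' into (1, 2); None for anything else."""
    match = re.fullmatch(r"TLSv(\d+)_(\d+)", str(value))
    return (int(match[1]), int(match[2])) if match else None


def find_weak_gateways(template_text, minimum=(1, 2)):
    """Return (name, reason) for each gateway that does not meet the minimum."""
    findings = []
    pending = list(json.loads(template_text).get("resources", []))
    while pending:
        resource = pending.pop(0)
        pending.extend(resource.get("resources", []))  # nested child resources
        if resource.get("type", "").lower() != APPGW_TYPE.lower():
            continue
        policy = resource.get("properties", {}).get("sslPolicy", {})
        raw = policy.get("minProtocolVersion")
        version = tls_version(raw)
        if raw is None:
            findings.append((resource.get("name"), "minProtocolVersion not set"))
        elif version is None:
            # e.g. a template expression; cannot be judged without resolving it
            findings.append((resource.get("name"), f"unrecognized value {raw!r}"))
        elif version < minimum:
            findings.append((resource.get("name"), f"{raw} is below the minimum"))
    return findings


if __name__ == "__main__":
    for name, reason in find_weak_gateways(SAMPLE_TEMPLATE):
        print(f"FAIL {name}: {reason}")
```

A value supplied through a template expression is reported as unrecognized rather than passed, so it still gets a manual look.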
Configure with Bicep
To deploy Application Gateways that pass this rule:
- Set the `properties.sslPolicy.minProtocolVersion` property to `TLSv1_2`.
For example:
Azure Bicep snippet
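```bicep
// Declared so that the location reference below resolves.
param location string = resourceGroup().location

resource name_resource 'Microsoft.Network/applicationGateways@2019-09-01' = {
  name: 'appGw-001'
  location: location
  properties: {
    sku: {
      name: 'WAF_v2'
      tier: 'WAF_v2'
    }
    sslPolicy: {
      // Minimum TLS protocol version the gateway accepts.
      minProtocolVersion: 'TLSv1_2'
    }
  }
}
```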
Links
- Data encryption in Azure
- Application Gateway SSL policy overview
- Configure SSL policy versions and cipher suites on Application Gateway
- Overview of TLS termination and end to end TLS with Application Gateway
- Azure deployment reference
Last update: 2022-10-17