Skip to content

PostgreSQL DB server minimum TLS version#

Security · Azure Database for PostgreSQL · Rule · 2020_09 · Critical

PostgreSQL DB servers should reject TLS versions older than 1.2.

Description#

The minimum version of TLS that PostgreSQL DB servers accept is configurable. Older TLS versions are no longer considered secure by industry standards, such as PCI DSS.

Azure lets you disable outdated protocols and require connections to use a minimum of TLS 1.2. By default, TLS 1.0, TLS 1.1, and TLS 1.2 is accepted.

Recommendation#

Consider configuring the minimum supported TLS version to be 1.2.

Comments