Skip to content

Enforce namespaces to minimum use TLS 1.2 version#

Security · Service Bus · 2022_12

Enforce namespaces to require that clients send and receive data with TLS 1.2 version.

Description#

Communication between a client application and an Azure Service Bus namespace is encrypted using Transport Layer Security (TLS).

Azure Service Bus namespaces permit clients to send and receive data with TLS 1.0 and above. To enforce stricter security measures, you can configure your Service Bus namespace to require that clients send and receive data with a newer version of TLS. If a Service Bus namespace requires a minimum version of TLS, then any requests made with an older version will fail.

Important If you are using a service that connects to Azure Service Bus, make sure that that service is using the appropriate version of TLS to send requests to Azure Service Bus before you set the required minimum version for a Service Bus namespace.

Recommendation#

Consider namespaces to require that clients send and receive data with TLS 1.2 version.

Examples#

Configure with Azure template#

To deploy Service Bus namespaces that pass this rule:

  • Set properties.minimumTlsVersion to 1.2.

For example:

Azure Template snippet
{
  "type": "Microsoft.ServiceBus/namespaces",
  "apiVersion": "2022-01-01-preview",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "identity": {
    "type": "SystemAssigned"
  },
  "sku": {
    "name": "Standard"
  },
  "properties": {
    "disableLocalAuth": true,
    "minimumTlsVersion": "1.2"
  }
}

Configure with Bicep#

To deploy Service Bus namespaces that pass this rule:

  • Set properties.minimumTlsVersion to 1.2.

For example:

Azure Bicep snippet
@description('The name of the resource.')
param name string

@description('The location resources will be deployed.')
param location string = resourceGroup().location

resource ns 'Microsoft.ServiceBus/namespaces@2022-01-01-preview' = {
  name: name
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  sku: {
    name: 'Standard'
  }
  properties: {
    disableLocalAuth: true
    minimumTlsVersion: '1.2'
  }
}

Last update: 2022-12-03

Comments