Enforce namespaces to minimum use TLS 1.2 version
Security · Service Bus · 2022_12
Enforce namespaces to require that clients send and receive data with a minimum of TLS 1.2.
Description
Communication between a client application and an Azure Service Bus namespace is encrypted using Transport Layer Security (TLS).
Azure Service Bus namespaces permit clients to send and receive data with TLS 1.0 and above. To enforce stricter security measures, you can configure your Service Bus namespace to require that clients send and receive data with a newer version of TLS. If a Service Bus namespace requires a minimum version of TLS, then any requests made with an older version will fail.
Important: If you are using a service that connects to Azure Service Bus, make sure that service is using the appropriate version of TLS to send requests to Azure Service Bus before you set the required minimum version for a Service Bus namespace.
Recommendation
Consider configuring namespaces to require that clients send and receive data with a minimum of TLS 1.2.
Examples
Configure with Azure template
To deploy Service Bus namespaces that pass this rule:
- Set properties.minimumTlsVersion to 1.2.
For example:
```json
{
  "type": "Microsoft.ServiceBus/namespaces",
  "apiVersion": "2022-01-01-preview",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "identity": {
    "type": "SystemAssigned"
  },
  "sku": {
    "name": "Standard"
  },
  "properties": {
    "disableLocalAuth": true,
    "minimumTlsVersion": "1.2"
  }
}
```
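The following pre-deployment check is an added example, not part of the original page: it scans an ARM template (JSON) for Service Bus namespaces whose properties.minimumTlsVersion is missing, below 1.2, or a template expression that cannot be evaluated without the deployment's parameters. The function names and the sample template are constructed for illustration, and it assumes `resources` is an array and that an unset property counts as a finding because the guidance above is to set it explicitly.

```python
import json

SB_TYPE = "microsoft.servicebus/namespaces"
REQUIRED = (1, 2)  # minimum TLS version this page recommends

# Constructed sample template: one compliant namespace and three that are not.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.ServiceBus/namespaces", "name": "sb-ok",
   "properties": {"minimumTlsVersion": "1.2"}},
  {"type": "Microsoft.ServiceBus/namespaces", "name": "sb-old",
   "properties": {"minimumTlsVersion": "1.0"}},
  {"type": "Microsoft.ServiceBus/namespaces", "name": "sb-unset",
   "properties": {"disableLocalAuth": true}},
  {"type": "Microsoft.ServiceBus/namespaces", "name": "sb-param",
   "properties": {"minimumTlsVersion": "[parameters('tls')]"}}
]}
""")

def _walk(resources):
    for res in resources:
        yield res
        yield from _walk(res.get("resources", []))  # nested child resources

def _parse_version(value):
    """Return (major, minor) for a literal such as "1.2", else None."""
    if not isinstance(value, str) or value.startswith("["):
        return None  # template expressions need the deployment's parameters
    try:
        major, minor = value.split(".")
        return int(major), int(minor)
    except ValueError:
        return None

def find_weak_namespaces(template):
    """Return (name, reason) for each namespace that does not pin TLS >= 1.2."""
    findings = []
    for res in _walk(template.get("resources", [])):
        if res.get("type", "").lower() != SB_TYPE:
            continue
        raw = res.get("properties", {}).get("minimumTlsVersion")
        version = _parse_version(raw)
        if raw is None:
            findings.append((res.get("name"), "minimumTlsVersion not set"))
        elif version is None:
            findings.append((res.get("name"), f"cannot evaluate {raw!r}"))
        elif version < REQUIRED:
            findings.append((res.get("name"), f"minimumTlsVersion is {raw}"))
    return findings
```

Calling `find_weak_namespaces(SAMPLE_TEMPLATE)` reports `sb-old`, `sb-unset` and `sb-param`; a parameterised value is reported rather than passed so that a reviewer confirms what the parameter resolves to.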
Configure with Bicep
To deploy Service Bus namespaces that pass this rule:
- Set properties.minimumTlsVersion to 1.2.
For example:
```bicep
@description('The name of the resource.')
param name string

@description('The location resources will be deployed.')
param location string = resourceGroup().location

resource ns 'Microsoft.ServiceBus/namespaces@2022-01-01-preview' = {
  name: name
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  sku: {
    name: 'Standard'
  }
  properties: {
    disableLocalAuth: true
    minimumTlsVersion: '1.2'
  }
}
```
Links
- Information protection and storage
- Enforce a minimum required version of TLS
- Azure deployment reference