Ensure that your Azure API Management API gateways are not configured to use weak and deprecated TLS protocols such as TLS 1.0 and TLS 1.1. To follow security best practices and protect your APIs from potential exploits that can target flaws in the older versions of the TLS protocol, ensure that your API gateways are using the latest supported version of TLS.
The Transport Layer Security (TLS) protocol addresses network security problems such as tampering and eavesdropping between a client and a server. An Azure API Management service supports multiple versions of the TLS protocol to secure API traffic on both the client side and the backend side. Using weak and deprecated TLS protocols can increase opportunities for malicious activities such as hacking, Man-in-the-Middle (MITM) and downgrade attacks. Therefore, it is strongly recommended to use only the latest TLS version.
Audit
To determine the TLS version(s) configured for your Azure API Management API gateways, perform the following actions:
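The following is an added example, not the original page's audit procedure or Conformity's own code: a Python check that reads one API Management service description and reports the state of each legacy protocol on the client side and the backend side. It assumes the JSON shape returned by `az apim show` (custom properties under `customProperties`, with a fallback to `properties.customProperties`); the `SAMPLE` service and the function names are constructed for illustration.

```python
# Custom-property keys that toggle legacy protocols on an API Management gateway.
PREFIX = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security."
LEGACY = {
    "client": ["Protocols.Ssl30", "Protocols.Tls10", "Protocols.Tls11"],
    "backend": ["Backend.Protocols.Ssl30", "Backend.Protocols.Tls10",
                "Backend.Protocols.Tls11"],
}

def audit_tls(service: dict) -> list:
    """Return (side, protocol, status) for every legacy protocol.

    status is "enabled", "disabled" or "unknown" (key absent or value not
    a boolean string, so the effective setting must be confirmed separately).
    """
    # Accept the flattened CLI shape and the nested resource shape (assumption).
    props = service.get("customProperties")
    if props is None:
        props = (service.get("properties") or {}).get("customProperties")
    # Tolerate casing differences such as "True" versus "true".
    props = {k.lower(): str(v).strip().lower() for k, v in (props or {}).items()}
    findings = []
    for side, suffixes in LEGACY.items():
        for suffix in suffixes:
            value = props.get((PREFIX + suffix).lower())
            status = {"true": "enabled", "false": "disabled"}.get(value, "unknown")
            findings.append((side, suffix.rsplit(".", 1)[1], status))
    return findings

def is_compliant(service: dict) -> bool:
    """Compliant only when every legacy protocol is explicitly disabled."""
    return all(status == "disabled" for _, _, status in audit_tls(service))

# Constructed sample (not real output): client TLS 1.0 still enabled,
# backend TLS 1.1 key missing altogether.
SAMPLE = {
    "name": "example-apim",
    "customProperties": {
        PREFIX + "Protocols.Ssl30": "False",
        PREFIX + "Protocols.Tls10": "True",
        PREFIX + "Protocols.Tls11": "False",
        PREFIX + "Backend.Protocols.Ssl30": "false",
        PREFIX + "Backend.Protocols.Tls10": "False",
    },
}

if __name__ == "__main__":
    for side, proto, status in audit_tls(SAMPLE):
        print(f"{SAMPLE['name']}: {side:7} {proto}: {status}")
    print("compliant:", is_compliant(SAMPLE))
```

A missing key is reported as "unknown" rather than "disabled", so a service that never set these properties is not silently passed.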
Remediation / Resolution
To ensure that your Azure API Management API gateways don't use weak and deprecated SSL/TLS protocols, perform the following actions:
Check the TLS Version Configured for API Gateways
Risk Level: Medium