Ensure that your Microsoft Azure Function Apps are using the latest supported version of the TLS encryption protocol in order to secure application traffic over the Internet and comply with industry standards.
The Transport Layer Security (TLS) protocol is designed to facilitate privacy and data security for communications over different types of networks, including the Internet. TLS versions 1.0 and 1.1 are known to be susceptible to certain Common Vulnerabilities and Exposures (CVE) weaknesses and attacks such as POODLE and BEAST. These two TLS protocol versions do not support the modern encryption methods and cipher suites recommended by the Payment Card Industry (PCI) compliance standards. To follow cloud security best practices and PCI security compliance standards, enforce using the latest version of the TLS protocol (TLS 1.2 or TLS 1.3) for all the requests made to your Azure Function Apps.
Audit
To determine if your Microsoft Azure Function Apps are configured to use TLS 1.2 or TLS 1.3, perform the following operations:
Remediation / Resolution
To update the configuration settings for your Microsoft Azure Function Apps in order to enforce the latest version of the TLS protocol, perform the following operations:
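The audit and remediation described above can be scripted with the Azure CLI. The script below is an added example, not part of the original page. It assumes you are already logged in and have selected the subscription with `az account set`; the function names (`tls_ok`, `audit_function_apps`, `remediate_function_app`) are illustrative.

```shell
#!/bin/sh
# Added example (not from the original page): audit the minimum TLS version
# of every Function App in the current subscription and raise it on request.
# Assumes the subscription was already selected with `az account set`.

# Succeed only when a minTlsVersion value is 1.2 or 1.3.
# 1.0, 1.1, empty and unknown values are treated as non-compliant (this script's choice).
tls_ok() {
  case "$1" in
    1.2|1.3) return 0 ;;
    *)       return 1 ;;
  esac
}

# Print "<resource-group>/<name> <minTlsVersion>" for each non-compliant app.
# Returns 1 when at least one app is non-compliant, 0 otherwise.
audit_function_apps() {
  rc=0
  apps=$(az functionapp list --query '[].[name, resourceGroup]' --output tsv)
  while read -r name rg; do
    [ -n "$name" ] || continue
    # </dev/null keeps the CLI from consuming the here-document feeding the loop.
    ver=$(az functionapp config show --name "$name" --resource-group "$rg" \
            --query minTlsVersion --output tsv </dev/null)
    if ! tls_ok "$ver"; then
      echo "$rg/$name ${ver:-unset}"
      rc=1
    fi
  done <<EOF
$apps
EOF
  return "$rc"
}

# Enforce TLS 1.2 as the minimum version for one app: <name> <resource-group>.
remediate_function_app() {
  az functionapp config set --name "$1" --resource-group "$2" \
    --min-tls-version 1.2 --output none
}

# Nothing runs unless asked for, so the file can also be sourced.
case "${1:-}" in
  --audit)     audit_function_apps ;;
  --remediate) remediate_function_app "$2" "$3" ;;
esac
```

Run it with `--audit` first and review the list; `--remediate <name> <resource-group>` changes one app at a time so that older clients are not cut off across the whole subscription at once.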
Your Azure Function App may restart if you are updating application settings or connection strings.
References
- Azure Official Documentation
  - Securing Azure Functions
  - Azure App Service TLS overview
  - Manage your function app
- Azure Command Line Interface (CLI) Documentation
  - az account list
  - az account set
  - az functionapp list
  - az functionapp config show
  - az functionapp update