API Management backend allows insecure TLS/SSL protocols Affecting API Management service in Azure
Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Data/ Encryption Protocols
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-ControlsCSA-CCMISO-27001NIST-800-53PCI-DSSSOC-2
- Snyk IDSNYK-CC-00488
- creditSnyk Research Team
Description
Usage of outdated protocols poses a security risk and a lack of technical support. Using these protocols means your APIs are vulnerable to attack.
How to fix?
Set properties.tls11Enabled and properties.tls10Enabled to false.
Set any security.enable_backend_* attributes to false.
Example configuration:
resource "azurerm_api_management" "allowed488" {
name = "exampleApim488a"
location = azurerm_resource_group.example488.location
resource_group_name = azurerm_resource_group.example488.name
publisher_name = "My Company"
publisher_email = "company@terraform.io"
sku_name = "Developer_1"
security {
enable_backend_ssl30 = false
enable_backend_tls10 = false
enable_backend_tls11 = false
}
}