Beta - MSSQL Not Using Latest TLS Encryption Version

• Query id: 22cb3507-1ef4-44ac-9c9a-cab31167e31e
• Query name: Beta - MSSQL Not Using Latest TLS Encryption Version
• Platform: Terraform
• Severity: Medium
• Category: Encryption
• CWE: 326
• Risk score: 3.0
• URL: Github

Description

Ensure MSSQL is using the latest version of TLS encryption
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file

resource "azurerm_mssql_server" "positive1" {
  name                         = "example-resource"
  resource_group_name          = azurerm_resource_group.example.name
  location                     = azurerm_resource_group.example.location
  version                      = "12.0"
  administrator_login          = "Example-Administrator"
  administrator_login_password = "Example_Password!"
  minimum_tls_version = "1.1"
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "azurerm_mssql_server" "negative1" {
  name                         = "example-resource"
  resource_group_name          = azurerm_resource_group.example.name
  location                     = azurerm_resource_group.example.location
  version                      = "12.0"
  administrator_login          = "Example-Administrator"
  administrator_login_password = "Example_Password!"
}

Negative test num. 2 - tf file

resource "azurerm_mssql_server" "negative2" {
  name                         = "example-resource"
  resource_group_name          = azurerm_resource_group.example.name
  location                     = azurerm_resource_group.example.location
  version                      = "12.0"
  administrator_login          = "Example-Administrator"
  administrator_login_password = "Example_Password!"
  minimum_tls_version = "1.2"
}