Beta - PostgreSQL Not Using Latest TLS Encryption Version
- Query id: 9f15ecc4-d9df-44ba-bb88-28c97e946114
- Query name: Beta - PostgreSQL Not Using Latest TLS Encryption Version
- Platform: Terraform
- Severity: Medium
- Category: Encryption
- CWE: 326
- Risk score: 3.0
- URL: Github
Description¶
Ensure PostgreSQL is using the latest version of TLS encryption
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "azurerm_postgresql_server" "negative2" {
name = "example-psqlserver"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
sku_name = "GP_Gen5_4"
version = "11"
ssl_enforcement_enabled = true
ssl_minimal_tls_version_enforced = "TLS1_1"
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "azurerm_postgresql_server" "negative1" {
name = "example-psqlserver"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
sku_name = "GP_Gen5_4"
version = "11"
ssl_enforcement_enabled = true
}
Negative test num. 2 - tf file
resource "azurerm_postgresql_server" "negative2" {
name = "example-psqlserver"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
sku_name = "GP_Gen5_4"
version = "11"
ssl_enforcement_enabled = true
ssl_minimal_tls_version_enforced = "TLS1_2"
}