Beta - Redis Cache Not Using Latest TLS Encryption Version

• Query id: e22e5620-3679-418e-bb74-c9f71731ab0f
• Query name: Beta - Redis Cache Not Using Latest TLS Encryption Version
• Platform: Terraform
• Severity: Medium
• Category: Encryption
• CWE: 326
• Risk score: 3.0
• URL: Github

Description

Ensure Redis Cache is using the latest version of TLS encryption
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file

resource "azurerm_redis_cache" "positive1" {
  name                 = "example-cache"
  location             = azurerm_resource_group.example.location
  resource_group_name  = azurerm_resource_group.example.name
  capacity             = 2
  family               = "C"
  sku_name             = "Standard"
  non_ssl_port_enabled = false
  minimum_tls_version  = "1.1"
}

Positive test num. 2 - tf file

resource "azurerm_redis_cache" "positive2" {
  name                 = "example-cache"
  location             = azurerm_resource_group.example.location
  resource_group_name  = azurerm_resource_group.example.name
  capacity             = 2
  family               = "C"
  sku_name             = "Standard"
  non_ssl_port_enabled = false
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "azurerm_redis_cache" "negative" {
  name                 = "example-cache"
  location             = azurerm_resource_group.example.location
  resource_group_name  = azurerm_resource_group.example.name
  capacity             = 2
  family               = "C"
  sku_name             = "Standard"
  non_ssl_port_enabled = false
  minimum_tls_version  = "1.2"
}