Triage and Remediation
Remediation
Using Console
To remediate the unsafe TLS version supported misconfiguration in Azure using the Azure console, follow these steps:
- Log in to the Azure portal (https://portal.azure.com/).
- Navigate to the resource group that contains the affected resource.
- Select the affected resource.
- Click on the “Networking” tab.
- Under the “Settings” section, click on “SSL/TLS settings”.
- In the “Minimum TLS version” dropdown, select the recommended version (TLS 1.2 or higher).
- Save the changes by clicking on the “Save” button.
Using CLI
To remediate the “Unsafe TLS Version Supported” misconfiguration in Azure using the Azure CLI, follow these steps:
- Open the Azure CLI and log in to your Azure account using the command:
  az login
- Once you are logged in, run the following command to list all the available App Services in your Azure account:
  az webapp list --query "[].{name:name, resourceGroup:resourceGroup}"
  This command lists all the available App Services in your Azure account along with their resource groups.
- Choose the App Service for which you want to remediate the “Unsafe TLS Version Supported” misconfiguration and note down its name and resource group.
- Run the following command to update the TLS version for the chosen App Service:
  az webapp config set --name <app-name> --resource-group <resource-group> --min-tls-version 1.2
  Replace <app-name> with the name of your chosen App Service and <resource-group> with its resource group. This command sets the minimum TLS version to 1.2 for the chosen App Service, which is the recommended version for secure communication.
- Verify that the TLS version has been updated successfully by running the following command:
  az webapp config show --name <app-name> --resource-group <resource-group> --query "minTlsVersion"
  This command returns the minimum TLS version set for the chosen App Service. If it returns “1.2”, then the remediation is successful.
Using Python
To remediate the “Unsafe TLS Version Supported” misconfiguration in Azure using Python, follow the steps below:
Step 1: Identify the affected resources
- Use the Azure Security Center to identify the affected resources that have unsafe TLS versions enabled.
Step 2: Update the TLS version
- Use the Azure Python SDK to update the TLS version for the affected resources.
- Install the Azure Python SDK using the following command:
  pip install azure-identity azure-mgmt-web
- Use the following code to update the TLS version for an App Service:
Step 3: Verify the remediation
- Use the Azure Security Center to verify that the unsafe TLS versions have been disabled for the affected resources.
- You can also use the Azure Python SDK to verify the TLS version for an App Service:
This should remediate the “Unsafe TLS Version Supported” misconfiguration for Azure using Python.
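The update and verification steps described above, as an added example (not code from the original page). It assumes the azure-identity and azure-mgmt-web packages and a subscription ID in the AZURE_SUBSCRIPTION_ID environment variable; the helper names tls_tuple and remediate_app are hypothetical.

```python
"""Raise and verify the minimum TLS version of Azure App Services."""
import os

REQUIRED_MIN_TLS = "1.2"  # the minimum this page recommends


def tls_tuple(version):
    """'1.2' -> (1, 2) for numeric comparison; an unset value sorts lowest."""
    return tuple(int(part) for part in (version or "0").split("."))


def remediate_app(client, resource_group, app_name, required=REQUIRED_MIN_TLS):
    """Raise the app's minimum TLS version if needed; return (before, after)."""
    config = client.web_apps.get_configuration(resource_group, app_name)
    before = config.min_tls_version
    if tls_tuple(before) < tls_tuple(required):
        # Only ever raise the floor: an app already at 1.3 is left alone.
        config.min_tls_version = required
        client.web_apps.update_configuration(resource_group, app_name, config)
    # Verify by reading the setting back instead of trusting the update call.
    after = client.web_apps.get_configuration(resource_group, app_name).min_tls_version
    if tls_tuple(after) < tls_tuple(required):
        raise RuntimeError(f"{app_name}: minimum TLS version is still {after}")
    return before, after


def main():
    # Imported here so the helpers above can be exercised without the SDK installed.
    from azure.identity import DefaultAzureCredential
    from azure.mgmt.web import WebSiteManagementClient

    # Assumption: the subscription ID is supplied in AZURE_SUBSCRIPTION_ID.
    client = WebSiteManagementClient(
        DefaultAzureCredential(), os.environ["AZURE_SUBSCRIPTION_ID"]
    )
    for app in client.web_apps.list():
        before, after = remediate_app(client, app.resource_group, app.name)
        print(f"{app.resource_group}/{app.name}: {before} -> {after}")


if __name__ == "__main__":
    main()
```

Running the script walks every App Service in the subscription, so it needs an identity allowed to read and write site configuration.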