Check for TLS Protocol Latest Version

Using Console

Using CLI

To remediate the TLS protocol version misconfiguration in Azure using Azure CLI, you can follow the below steps:

Open the Azure CLI on your local machine or Azure Cloud Shell.

Run the following command to check the TLS protocol version:

az webapp config ssl list --resource-group <resource_group_name> --name <app_name> --query "[].{protocolVersion:protocols[0].protocol}" --output table

This command will list the TLS protocol version of the specified App Service.

If the TLS protocol version is not the latest version, you can update it by running the following command:
```
az webapp config ssl update --resource-group <resource_group_name> --name <app_name> --protocols 'TLSv1.2'
```
This command will update the TLS protocol version to the latest version (TLSv1.2).
After running the above command, you can verify the TLS protocol version again by running the first command mentioned above.
```
az webapp config ssl list --resource-group <resource_group_name> --name <app_name> --query "[].{protocolVersion:protocols[0].protocol}" --output table
```
This command should now display the updated TLS protocol version.

By following these steps, you can remediate the TLS protocol version misconfiguration in Azure using Azure CLI.

Using Python

To remediate the TLS Protocol Latest Version misconfiguration in AZURE using Python, follow these steps:

Identify the resources that are affected by the misconfiguration. This can be done by using the Azure CLI command az resource list.
For each affected resource, check if the TLS protocol version is up to date. This can be done by using the requests library in Python to make a test request to the resource using the TLSv1_2 protocol. If the request succeeds, then the TLS protocol version is up to date. If the request fails, then the TLS protocol version is not up to date.
If the TLS protocol version is not up to date, update the resource to use the latest TLS protocol version. This can be done by using the Azure Python SDK to update the resource’s configuration. The specific steps will depend on the type of resource that is affected.
After updating the resource, verify that the TLS protocol version is up to date by repeating step 2.

Here is a sample Python code that can be used to check and remediate the TLS Protocol Latest Version misconfiguration for Azure Web Apps:

import requests
from azure.identity import DefaultAzureCredential
from azure.mgmt.web import WebSiteManagementClient

# Set the Azure subscription ID, resource group name, and web app name
subscription_id = 'your-subscription-id'
resource_group_name = 'your-resource-group-name'
web_app_name = 'your-web-app-name'

# Authenticate using the default Azure credentials
credential = DefaultAzureCredential()

# Create the Azure Web Apps management client
web_client = WebSiteManagementClient(credential, subscription_id)

# Get the web app resource ID
web_app = web_client.web_apps.get(resource_group_name, web_app_name)
web_app_id = web_app.id

# Check if the TLS protocol version is up to date
test_url = f'https://{web_app_name}.azurewebsites.net'
response = requests.get(test_url, verify=False)
if response.status_code == 200:
    print('TLS protocol version is up to date')
else:
    print('TLS protocol version is not up to date')

    # Update the web app to use the latest TLS protocol version
    web_app_config = web_client.web_apps.get_configuration(resource_group_name, web_app_name)
    web_app_config.min_tls_version = '1.2'
    web_client.web_apps.update_configuration(resource_group_name, web_app_name, web_app_config)

    # Verify that the TLS protocol version is up to date
    response = requests.get(test_url, verify=False)
    if response.status_code == 200:
        print('TLS protocol version has been updated')
    else:
        print('Failed to update TLS protocol version')

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Check for TLS Protocol Latest Version

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation