TLS Version change

plugins/azure/eventhub/eventHubMinimumTLSversion.js

@@ -11,14 +11,6 @@ module.exports = {
     recommended_action: 'Modify Event Hubs namespaces to set the desired minimum TLS version.',
     link: 'https://learn.microsoft.com/en-us/azure/event-hubs/transport-layer-security-enforce-minimum-version',
     apis: ['eventHub:listEventHub'],
-    settings: {
-        event_hub_min_tls_version: {
-            name: 'Event Hub Minimum TLS Version',
-            description: 'Minimum desired TLS version for Microsoft Azure Event Hubs',
-            regex: '^(1.0|1.1|1.2)$',
-            default: '1.2'
-        }
-    },
     realtime_triggers: ['microsofteventhub:namespaces:write', 'microsofteventhub:namespaces:delete'],
 
     run: function(cache, settings, callback) {
@@ -27,7 +19,7 @@ module.exports = {
         var locations = helpers.locations(settings.govcloud);
 
         var config = {
-            event_hub_min_tls_version: settings.event_hub_min_tls_version || this.settings.event_hub_min_tls_version.default
+            event_hub_min_tls_version: '1.2'
         };
 
         var desiredVersion = parseFloat(config.event_hub_min_tls_version);

plugins/azure/redisCache/minimumTlsVersion.js

@@ -7,7 +7,7 @@ module.exports = {
     domain: 'Databases',
     severity: 'Medium',
     description: 'Ensures that Azure Cache for Redis is using the latest TLS version.',
-    more_info: 'TLS versions 1.0 and 1.1 are known to be susceptible to attacks, and to have other Common Vulnerabilities and Exposures (CVE) weaknesses.So there\'s an industry- wide push toward the exclusive use of Transport Layer Security(TLS) version 1.2 or later.',
+    more_info: 'TLS versions 1.2 is known to be susceptible to attacks, and to have other Common Vulnerabilities and Exposures (CVE) weaknesses.So there\'s an industry- wide push toward the exclusive use of Transport Layer Security(TLS) version 1.2 or later.',
     recommended_action: 'Ensure that Azure cache for Redis is using the latest TLS version',
     link: 'https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-remove-tls-10-11',
     apis: ['redisCaches:listBySubscription'],
@@ -37,7 +37,7 @@ module.exports = {
             for (let cache of caches.data) {
                 if (!cache.minimumTlsVersion) {
                     helpers.addResult(results, 2, 'Redis Cache is using the default TLS Version', location, cache.id);
-                } else if (cache.minimumTlsVersion && (cache.minimumTlsVersion === '1.0' || cache.minimumTlsVersion === '1.1')) {
+                } else if (cache.minimumTlsVersion && (cache.minimumTlsVersion === '1.2')) {
                     helpers.addResult(results, 2, 'Redis Cache is not using the latest TLS Version', location, cache.id);
                 } else {
                     helpers.addResult(results, 0, 'Redis Cache is using the latest TLS Version', location, cache.id);

plugins/azure/sqlserver/sqlServerTlsVersion.js

@@ -11,14 +11,6 @@ module.exports = {
     recommended_action: 'Modify SQL server firewall and virtual network settings to set desired minimum TLS version.',
     link: 'https://learn.microsoft.com/en-us/azure/azure-sql/database/connectivity-settings#minimal-tls-version',
     apis: ['servers:listSql'],
-    settings: {
-        sql_server_min_tls_version: {
-            name: 'SQL Server Minimum TLS Version',
-            description: 'Minimum desired TLS version for Microsoft Azure SQL servers',
-            regex: '^(1.0|1.1|1.2)$',
-            default: '1.2'
-        }
-    },
     remediation_min_version: '202104012200',
     remediation_description: 'TLS version 1.2 will be set for the affected SQL server',
     apis_remediate: ['servers:listSql'],
@@ -32,7 +24,7 @@ module.exports = {
         var locations = helpers.locations(settings.govcloud);
 
         var config = {
-            sql_server_min_tls_version: settings.sql_server_min_tls_version || this.settings.sql_server_min_tls_version.default
+            sql_server_min_tls_version: '1.2'
         };
 
         var desiredVersion = parseFloat(config.sql_server_min_tls_version);

plugins/azure/storageaccounts/storageAccountsTlsVersion.js

@@ -12,14 +12,6 @@ module.exports = {
     recommended_action: 'Modify Storage Account configuration and set desired minimum TLS version',
     link: 'https://learn.microsoft.com/en-us/azure/storage/common/transport-layer-security-configure-minimum-version',
     apis: ['storageAccounts:list'],
-    settings: {
-        sa_min_tls_version: {
-            name: 'Storage Account Minimum TLS Version',
-            description: 'Minimum desired TLS version for Microsoft Azure Storage Accounts',
-            regex: '^(1.0|1.1|1.2)$',
-            default: '1.2'
-        }
-    },
     remediation_min_version: '202112312200',
     remediation_description: 'TLS version 1.2 will be set for the affected Storage Accounts',
     apis_remediate: ['storageAccounts:list'],
@@ -33,7 +25,7 @@ module.exports = {
         var locations = helpers.locations(settings.govcloud);
 
         var config = {
-            sa_min_tls_version: settings.sa_min_tls_version || this.settings.sa_min_tls_version.default
+            sa_min_tls_version: 1.2
         };
 
         var desiredVersion = parseFloat(config.sa_min_tls_version);
@@ -58,7 +50,7 @@ module.exports = {
             storageAccounts.data.forEach(function(storageAccount) {
                 if (!storageAccount.id) return;
 
-                let tlsVersion = storageAccount.minimumTlsVersion ? storageAccount.minimumTlsVersion : 'TLS1.0'; //Default is TLS 1.0
+                let tlsVersion = storageAccount.minimumTlsVersion ? storageAccount.minimumTlsVersion : 'TLS1.2'; //Default is TLS 1.2
                 tlsVersion = tlsVersion.replace('TLS', '');
                 tlsVersion = tlsVersion.replace('_', '.');