Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support setting minTlsCipherSuite on App Service #24223

Open
1 task done
camtittle opened this issue Dec 13, 2023 · 13 comments · May be fixed by #26584
Open
1 task done

Support setting minTlsCipherSuite on App Service #24223

camtittle opened this issue Dec 13, 2023 · 13 comments · May be fixed by #26584
Labels
enhancement service/app-service

Comments

@camtittle
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Description

Azure app service supports specifying the minimum TLS cipher suite to allow for incoming traffic. This can be set via the update config API's minTlsCipherSuite field.

See the Azure App Service blog for more details.

It would be great to be able specify this field in Terraform configuration.

New or Affected Resource(s)/Data Source(s)

azurerm_linux_web_app, azurerm_windows_web_app

Potential Terraform Configuration

resource "azurerm_linux_web_app" "example" {
  name                = "example"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_service_plan.example.location
  service_plan_id     = azurerm_service_plan.example.id

  site_config {
    minTlsCipherSuite = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
  }
}

References

No response
@xiaxyi
Copy link
Contributor

xiaxyi commented Dec 14, 2023

Thanks @camtittle for raising this request, let me check and add it to our backlog once confirmed.

@xiaxyi
Copy link
Contributor

xiaxyi commented Dec 26, 2023

The property is available in next api version 2023-01-01, may not be able to put it with high priority, need to check.

@xiaxyi xiaxyi mentioned this issue Dec 27, 2023
Closed
1 task
@rajeeshmenoth

This comment was marked as duplicate.

Sign in to view
@xiaxyi xiaxyi mentioned this issue Jan 10, 2024
Closed
@lzarus

This comment was marked as duplicate.

Sign in to view
@rcskosir rcskosir linked a pull request Jan 12, 2024 that will close this issue
azurerm_linux_web_app, linux_web_app_slot - update API version to 2023-01-01 #24447
Closed
@joshfrias
Copy link

The above PR doesn't cover azurerm_windows_web_app. I hope this issue isn't closed before that.

@cleverer
Copy link

@xiaxyi it looks like the new properties got never implemented/dropped (even though the API version got upgraded to 2023-01-01) when #24447 got superseded by #24483. Is that correct?

Is there anything I can help to get those implemented?

This was referenced May 7, 2024
Closed
Closed
@atsernouski

This comment was marked as duplicate.

Sign in to view
@xiaxyi xiaxyi linked a pull request Jul 10, 2024 that will close this issue
Open
14 tasks
@xiaxyi
Copy link
Contributor

xiaxyi commented Jul 10, 2024

Hi all, the property is added in the mentioned pr. Feel free to track it for any progress.

@rcskosir rcskosir removed the preview label Jul 10, 2024
@Tolbin400

This comment was marked as off-topic.

Sign in to view
@DempseySbaiz
Copy link

Any updates on this please, our client is asking for this feature.

@fabiostawinski
Copy link

fabiostawinski commented Oct 23, 2024
edited
Loading

Meanwhile you may use azapi (1.15.0) for that

resource "azapi_update_resource" "minTlsCipherSuite" {
  type        = "Microsoft.Web/sites@2023-01-01"
  resource_id = azurerm_linux_web_app.linux_web_app.id
  body = jsonencode({
    properties = {
      siteConfig = {
        minTlsCipherSuite = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
      }
    }
  })

  response_export_values = ["properties"]
}

@rmcolbert
Copy link

This capability officially went GA in Azure last month. Please revisit.

@man0s
Copy link

man0s commented Dec 17, 2024

Any update on this one?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement service/app-service
Projects
None yet
Milestone
No milestone