Ensure MySQL is using the latest version of TLS encryption

문서 > Datadog 보안 > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > Ensure MySQL is using the latest version of TLS encryption

이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Metadata

Id: c2a1d4e6-f789-4b0c-9e12-3456789abcde

Cloud Provider: Azure

Platform: Terraform

Severity: High

Category: Networking and Firewall

Learn More

Provider Reference

Description

Outdated TLS versions (TLS 1.0/1.1) contain vulnerabilities that can be exploited by attackers to intercept sensitive data transmitted between the client and the MySQL server. When TLS 1.0/1.1 is used, your database traffic becomes vulnerable to man-in-the-middle attacks, potentially exposing usernames, passwords, and sensitive data. Using TLS 1.2 addresses these security weaknesses and provides stronger encryption algorithms and more secure cipher suites. To ensure proper configuration, replace ssl_minimal_tls_version_enforced = ["TLS1_0"] with ssl_minimal_tls_version_enforced = ["TLS1_2"] in your Azure MySQL server resource.

Compliant Code Examples

resource "azurerm_mysql_server" "good_example" {
  name                = "good-mysql-server"
  location            = "East US"
  resource_group_name = "example-rg"

  ssl_minimal_tls_version_enforced = ["TLS1_2"] # ✅ Correct TLS version
}

Non-Compliant Code Examples

resource "azurerm_mysql_server" "bad_example" {
  name                = "bad-mysql-server"
  location            = "East US"
  resource_group_name = "example-rg"

  ssl_minimal_tls_version_enforced = ["TLS1_0"] # ❌ Outdated TLS version
}