---
title: >-
  Application gateways should have SSL min protocol version set to TLSv1.2 or
  higher
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Application gateways should have SSL
  min protocol version set to TLSv1.2 or higher
---

# Application gateways should have SSL min protocol version set to TLSv1.2 or higher
 
## Description{% #description %}

TLS 1.0 and 1.1 are deprecated protocols with known vulnerabilities. Application gateways should enforce TLS 1.2 or higher as the minimum protocol version. Azure supports three SSL policy types: Predefined (where the TLS version is determined by the policy name), Custom, and CustomV2. For Custom and CustomV2 policies, TLS enforcement is controlled via the `min_protocol_version` field.

## Remediation{% #remediation %}

Update the Application Gateway SSL policy to enforce TLS 1.2 or higher. Select a Predefined policy that enforces TLS 1.2 or higher, or configure a Custom/CustomV2 policy with `min_protocol_version` set to TLS 1.2 or higher. For details on available policies, see [Application Gateway SSL policy overview](https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-ssl-policy-overview).