Azure-RedisCache-Minimum-TLS-Version

Severity : High

Description: This control ensures that Azure Redis Cache servers are using the latest version of the TLS protocol and have minimum TLS version configured. Encryption should be set with the latest version of TLS. Azure Cache for Redis provides an in-memory data store based on the Redis software. TLS encryption is required to secure data in transit between Azure Redis Cache and client applications. Azure Redis Cache service allows to set the minimum TLS version to make sure that the servers does not uses TLS version which are insecure, are known to be susceptible to attacks such as BEAST and POODLE, and to have other Common Vulnerabilities and Exposures (CVE) weaknesses. It also enforces the compliances requirements. It is highly recommended to use the latest TLS 1.2 version for Redis Cache secure connections.

Remediation Steps:

Perform following to update Redis Cache configuration:

1. Login to Azure Portal using https://portal.azure.com.

2. Navigate to Azure Cache for Redis.

3. Select the Redis Cache instance to be remediated.

4. Under Setting section, Select Advanced Settings.

5. Select Minimum TLS Version to 1.2.

Important:

Reference:

• How to configure Azure Cache for Redis

• Remove TLS 1.0 and 1.1 from use with Azure Cache for Redis