TLS 1.0 and Azure Blob storage, how to be compliant?

We recently had a "security review" for our application, hosted in Azure, and one of the complaints was that we don't disable TLS 1.0.

While I know we can disable TLS 1.0 for web roles and even App Services (or at least will be able to do this soon), we also allow mobile apps to directly upload data to blob storage using the REST API. The scanning revealed that and marked it as an issue.

Is anyone aware of possible solutions here, something to do to disable it per container, or something?

The only solution I can see is implementing our own endpoint, but that would be the last resort. Wonder if someone has an easier solution for this problem?

Yorgos answered 2/4, 2018 at 19:34 Comment(2)
Not sure what the roadmap is (since that wouldn't be public) but... it's fairly common to have an API specific to apps for interacting with Azure (and not being able to write to services like Storage directly). Not sure why you consider that a "last resort" since it would let you have full control of Storage, without relying on access signatures (plus you'd then have control of content being uploaded, such as size/number of objects). - Ephram

Azure CDN is used for multiple things. Sometimes for whole apps, as the JS is stored there. We should be able to disable TLS signature there as we can with CloudFront. - Mukden
