SSL policies should enforce secure versions of TLS

Explanation

TLS versions prior to 1.2 are outdated and insecure. You should use 1.2 as a minimum version.

Possible Impact

Data in transit is not sufficiently secured

Suggested Resolution

Enforce a minimum TLS version of 1.2

Insecure Example

The following example will fail the google-compute-use-secure-tls-policy check.

resource "google_compute_ssl_policy" "bad_example" {
  name            = "production-ssl-policy"
  profile         = "MODERN"
  min_tls_version = "TLS_1_1"
}

Secure Example

The following example will pass the google-compute-use-secure-tls-policy check.

resource "google_compute_ssl_policy" "good_example" {
  name            = "production-ssl-policy"
  profile         = "MODERN"
  min_tls_version = "TLS_1_2"
}
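
The same rule can be enforced against a Terraform plan before apply. The following is an added example, not part of tfsec or the original page: it reads the structure produced by `terraform show -json` and reports every `google_compute_ssl_policy` whose planned `min_tls_version` is below 1.2. The function name and the sample plan are constructed for illustration, and the code assumes the Google provider's default of `TLS_1_0` when the attribute is omitted.

```python
# Versions the check on this page rejects (anything prior to TLS 1.2).
WEAK_VERSIONS = {"TLS_1_0", "TLS_1_1"}
# Assumption: the Google provider falls back to TLS_1_0 when the attribute is unset.
PROVIDER_DEFAULT = "TLS_1_0"


def weak_ssl_policies(plan: dict) -> list:
    """Return (address, min_tls_version) for each planned policy below TLS 1.2."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_compute_ssl_policy":
            continue
        after = rc.get("change", {}).get("after")
        if after is None:
            # Resource is being destroyed, so there is no planned state to check.
            continue
        version = after.get("min_tls_version") or PROVIDER_DEFAULT
        if version in WEAK_VERSIONS:
            findings.append((rc["address"], version))
    return findings


# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = {
    "resource_changes": [
        {"address": "google_compute_ssl_policy.bad_example",
         "type": "google_compute_ssl_policy",
         "change": {"actions": ["create"],
                    "after": {"profile": "MODERN", "min_tls_version": "TLS_1_1"}}},
        {"address": "google_compute_ssl_policy.good_example",
         "type": "google_compute_ssl_policy",
         "change": {"actions": ["create"],
                    "after": {"profile": "MODERN", "min_tls_version": "TLS_1_2"}}},
        {"address": "google_compute_ssl_policy.implicit_default",
         "type": "google_compute_ssl_policy",
         "change": {"actions": ["create"],
                    "after": {"profile": "MODERN", "min_tls_version": None}}},
        {"address": "google_compute_ssl_policy.retired",
         "type": "google_compute_ssl_policy",
         "change": {"actions": ["delete"], "after": None}},
        {"address": "google_compute_network.vpc",
         "type": "google_compute_network",
         "change": {"actions": ["create"], "after": {"name": "vpc"}}},
    ]
}

if __name__ == "__main__":
    for address, version in weak_ssl_policies(SAMPLE_PLAN):
        print(f"FAIL {address}: min_tls_version={version}")
```

A policy that never sets `min_tls_version` is reported alongside the explicit `TLS_1_1` case, which is the gap a review of the `.tf` source alone tends to miss.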
