Closed BernieWhite closed 2 years ago
@BernieWhite Is it possible to add an example of valid ARM/Bicep to this doc? https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.APIM.Ciphers/
It took me a while to find this issue and then more time to figure out how to use the properties in Bicep (didn't realize quotes were required). I used this Bicep example: https://raw.githubusercontent.com/Azure/azure-quickstart-templates/91fbf3bd52d22765016b6a61bd6d5bb02beb8ed1/quickstarts/microsoft.apimanagement/api-management-create-with-internal-vnet-publicip/main.bicep
@pamelafox Great suggestion, and good call out. We know the docs for API Management rules need some updates. We definitely want to include an example in ARM/ Bicep so I've cross referenced this in issue #867 which deals with the docs updates so we can track this feedback.
Rule request
Suggested rule change
API Management services should disable weak ciphers. Including:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
Applies to the following
The rule applies to the following:
Sample data
A passing sample:
A failing sample: