fix: don't allow tls versions older than TLS 1.2 (#432)

lucacasonato · web-flow · commit f0b087deea3f · 2024-04-23T09:36:36.000Z
Fixes #430
diff --git a/terraform/https.tf b/terraform/https.tf
@@ -24,6 +24,13 @@ resource "google_compute_target_https_proxy" "frontend" {
   name             = "frontend"
   url_map          = google_compute_url_map.frontend_https.id
   ssl_certificates = [google_compute_managed_ssl_certificate.frontend_cert.id]
+  ssl_policy       = google_compute_ssl_policy.frontend.id
+}
+
+resource "google_compute_ssl_policy" "frontend" {
+  name            = "frontend"
+  min_tls_version = "TLS_1_2"
+  profile         = "MODERN"
 }
 
 resource "google_compute_managed_ssl_certificate" "frontend_cert" {
@@ -38,6 +45,7 @@ resource "google_compute_managed_ssl_certificate" "frontend_cert" {
   }
 }
 
+
 resource "google_compute_url_map" "frontend_https" {
   name = "frontend-https"
 

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,13 @@ resource "google_compute_target_https_proxy" "frontend" {`
`24`	`24`	`name = "frontend"`
`25`	`25`	`url_map = google_compute_url_map.frontend_https.id`
`26`	`26`	`ssl_certificates = [google_compute_managed_ssl_certificate.frontend_cert.id]`
	`27`	`+ ssl_policy = google_compute_ssl_policy.frontend.id`
	`28`	`+}`
	`29`	`+`
	`30`	`+resource "google_compute_ssl_policy" "frontend" {`
	`31`	`+ name = "frontend"`
	`32`	`+ min_tls_version = "TLS_1_2"`
	`33`	`+ profile = "MODERN"`
`27`	`34`	`}`
`28`	`35`
`29`	`36`	`resource "google_compute_managed_ssl_certificate" "frontend_cert" {`
`@@ -38,6 +45,7 @@ resource "google_compute_managed_ssl_certificate" "frontend_cert" {`
`38`	`45`	`}`
`39`	`46`	`}`
`40`	`47`
	`48`	`+`
`41`	`49`	`resource "google_compute_url_map" "frontend_https" {`
`42`	`50`	`name = "frontend-https"`
`43`	`51`