| Plugin Title | Enforce PostgreSQL SSL Connection |
| Cloud | AZURE |
| Category | PostgreSQL Server |
| Description | Ensures SSL connections are enforced on PostgreSQL Servers |
| More Info | SSL prevents infiltration attacks by encrypting the data stream between the server and application. |
| AZURE Link | https://docs.microsoft.com/en-us/azure/postgresql/concepts-ssl-connection-security |
| Recommended Action | Ensure the connection security settings of each PostgreSQL server are configured to enforce SSL connections. |
- Log in to the Microsoft Azure Management Console.
- Select the "Search resources, services, and docs" option at the top and search for PostgreSQL.
- On the "Azure Database for PostgreSQL servers" page, select the database by clicking on the "Name" as a link that needs to be examined.
- Scroll down the left navigation panel and choose "Connection Security" under "Settings."
- On the "Connection Security" page, search for "SSL settings". If the Enforce SSL connection is set to "DISABLED" this is a security risk as data is transmitted unencrypted. This is against azure best practices.
- To enable the "SSL Connection" select "ENABLED" from the toggle configuration button. In the "TLS setting" select the highest version "1.2" as of now.
- Click on the "Save" button at the top to make the changes.
- Repeat step number 3 - 7 to ensure the server parameters for each PostgreSQL server have the ssl connection enabled.
