Event Grod Topics and TLS Version

Question

We received a MS security advisory to update our Topics to TLS1.2.

Our Event Grid instance contains no Custom Topics, though it does contain System Topics.

The instructions their advisory refer us to the API documentation for System Topics.

But the GET systemTopics properties URI doesn’t expose any existing Minimum TLS properties, so I can't tell what they're set to (it's not evident in the Azure portal either)

And the PATCH systemTopics doesn’t allow us to specify a new TLS version.

I note that specifying the minimum TLS for new System Topics is unavailable, unlike Custom Topics, which leads me to think that maintaining TLS versioning for System Topics is not in our control so any future System Topic TLS version requirements will take care of themselves within the platform somehow.

Has anyone found the same thing / does the advisory still apply to us, if we're only using System Topics?

Answer

Response from MS Support:

"Issue Description: The advisory to update to TLS 1.2 or higher primarily applies to custom topics and System topics in Azure Event Grid,

Analysis:

The advisory to update to TLS 1.2 or higher primarily applies to custom topics in Azure Event Grid, where users have control over the TLS settings. For system topics, the TLS versioning is managed by the Azure platform itself, and users do not have the ability to view or modify these settings. Therefore, the advisory does not require any action for system topics, as Azure will handle the TLS versioning automatically to ensure compliance with security standards.

If you are only using system topics, it seems that the advisory does not apply to you, and no action is needed on your part."

Share via

Event Grod Topics and TLS Version

1 answer

Your answer