From c8e5ed39fb8d2839c9a25ee79fe2de8d22be32b2 Mon Sep 17 00:00:00 2001
From: Jonny Rylands <jonnyry@users.noreply.github.com>
Date: Wed, 1 May 2024 18:22:19 +0100
Subject: [PATCH]  Remove TLS1.0/1.1 support. Resolves #3914 (#3916)

---
 CHANGELOG.md                            | 1 +
 core/terraform/appgateway/appgateway.tf | 6 ++++++
 core/version.txt                        | 2 +-
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6e6a83a377..64cdb8bd18 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ ENHANCEMENTS:
 
 BUG FIXES:
 * Update to Resource Processor Image, now using Ubuntu 22.04 (jammy). Part of ([#3523](https://github.com/microsoft/AzureTRE/issues/3523))
+* Remove TLS1.0/1.1 support from Application Gateway
 
 COMPONENTS:
 
diff --git a/core/terraform/appgateway/appgateway.tf b/core/terraform/appgateway/appgateway.tf
index c3c573c8ae..6f743fbe6b 100644
--- a/core/terraform/appgateway/appgateway.tf
+++ b/core/terraform/appgateway/appgateway.tf
@@ -65,6 +65,12 @@ resource "azurerm_application_gateway" "agw" {
     key_vault_secret_id = azurerm_key_vault_certificate.tlscert.secret_id
   }
 
+  # SSL policy
+  ssl_policy {
+    policy_type = "Predefined"
+    policy_name = "AppGwSslPolicy20220101"
+  }
+
   # Backend pool with the static website in storage account.
   backend_address_pool {
     name  = local.staticweb_backend_pool_name
diff --git a/core/version.txt b/core/version.txt
index a25765c3e1..88081a7269 100644
--- a/core/version.txt
+++ b/core/version.txt
@@ -1 +1 @@
-__version__ = "0.9.8"
+__version__ = "0.9.9"