Change SSL to TLS.

TimShererWithAquent · TimShererWithAquent · commit 7778fb0d2ec8 · 2020-03-26T16:17:45.000-07:00
diff --git a/articles/dedicated-hsm/faq.md b/articles/dedicated-hsm/faq.md
@@ -36,7 +36,7 @@ Microsoft has partnered with Gemalto to deliver the Azure Dedicated HSM service.
 
 ### Q: What is an HSM used for?
 
-HSMs are used for storing cryptographic keys that are used for cryptographic functionality such as SSL (secure socket layer), encrypting data, PKI (public key infrastructure), DRM (digital rights management), and signing documents.
+HSMs are used for storing cryptographic keys that are used for cryptographic functionality such as Transport Layer Security (TLS), previously known as Secure Sockets Layer (SSL), encrypting data, PKI (public key infrastructure), DRM (digital rights management), and signing documents.
 
 ### Q: How does Dedicated HSM work?
 
@@ -128,13 +128,13 @@ Yes. Refer to the Gemalto migration guide.
 
 ### Q: How do I decide whether to use Azure Key Vault or Azure Dedicated HSM?
 
-Azure Dedicated HSM is the appropriate choice for enterprises migrating to Azure on-premises applications that use HSMs. Dedicated HSMs present an option to migrate an application with minimal changes. If cryptographic operations are performed in the application's code running in an Azure VM or Web App, they can use Dedicated HSM. In general, shrink-wrapped software running in IaaS (infrastructure as a service) models, that support HSMs as a key store can use Dedicate HSM, such as Application gateway or traffic manager for keyless SSL, ADCS (Active Directory Certificate Services), or similar PKI tools, tools/applications used for document signing, code signing, or a SQL Server (IaaS) configured with TDE (transparent database encryption) with master key in an HSM using an EKM (extensible key management) provider. Azure Key Vault is suitable for "born-in-cloud" applications or for encryption at rest scenarios where customer data is processed by PaaS (platform as a service) or SaaS (Software as a service) scenarios such as Office 365 Customer Key, Azure Information Protection, Azure Disk Encryption, Azure Data Lake Store encryption with customer-managed key, Azure Storage encryption with customer managed key, and Azure SQL with customer managed key.
+Azure Dedicated HSM is the appropriate choice for enterprises migrating to Azure on-premises applications that use HSMs. Dedicated HSMs present an option to migrate an application with minimal changes. If cryptographic operations are performed in the application's code running in an Azure VM or Web App, they can use Dedicated HSM. In general, shrink-wrapped software running in IaaS (infrastructure as a service) models, that support HSMs as a key store can use Dedicate HSM, such as Application gateway or traffic manager for keyless TLS, ADCS (Active Directory Certificate Services), or similar PKI tools, tools/applications used for document signing, code signing, or a SQL Server (IaaS) configured with TDE (transparent database encryption) with master key in an HSM using an EKM (extensible key management) provider. Azure Key Vault is suitable for "born-in-cloud" applications or for encryption at rest scenarios where customer data is processed by PaaS (platform as a service) or SaaS (Software as a service) scenarios such as Office 365 Customer Key, Azure Information Protection, Azure Disk Encryption, Azure Data Lake Store encryption with customer-managed key, Azure Storage encryption with customer managed key, and Azure SQL with customer managed key.
 
 ### Q: What usage scenarios best suit Azure Dedicated HSM?
 
 Azure Dedicated HSM is most suitable for migration scenarios. This means that if you are migrating on-premises applications to Azure that are already using HSMs. This provides a low-friction option to migrate to Azure with minimal changes to the application. If cryptographic operations are performed in the application's code running in Azure VM or Web App, Dedicated HSM may be used. In general, shrink-wrapped software running in IaaS (infrastructure as a service) models, that support HSMs as a key store can use Dedicate HSM, such as:
 
-* Application gateway or traffic manager for keyless SSL
+* Application gateway or traffic manager for keyless TLS
 * ADCS (Active Directory Certificate Services)
 * Similar PKI tools
 * Tools/applications used for document signing
diff --git a/articles/key-vault/create-certificate.md b/articles/key-vault/create-certificate.md
@@ -79,8 +79,8 @@ Certificate creation can be completed manually or using a “Self” issuer. Key
 
 |Provider|Certificate type|  
 |--------------|----------------------|  
-|DigiCert|Key Vault offers OV or EV SSL certificates with DigiCert|
-|GlobalSign|Key Vault offers OV or EV SSL certificates with GlobalSign|
+|DigiCert|Key Vault offers OV or EV TLS/SSL certificates with DigiCert|
+|GlobalSign|Key Vault offers OV or EV TLS/SSL certificates with GlobalSign|
 
  A certificate issuer is an entity represented in Azure Key Vault (KV) as a CertificateIssuer resource. It is used to provide information about the source of a KV certificate; issuer name, provider, credentials, and other administrative details.
 
diff --git a/articles/mariadb/security-baseline.md b/articles/mariadb/security-baseline.md
@@ -506,7 +506,7 @@ Understand customer data protection in Azure: https://docs.microsoft.com/azure/s
 
 ### 4.4: Encrypt all sensitive information in transit
 
-**Guidance**: Azure Database for MariaDB supports connecting your Azure Database for MariaDB server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against "man in the middle" attacks by encrypting the data stream between the server and your application. In the Azure portal, ensure "Enforce SSL connection" is enabled for all of your MariaDB instances.
+**Guidance**: Azure Database for MariaDB supports connecting your Azure Database for MariaDB server to client applications using Transport Layer Security (TLS), previously known as Secure Sockets Layer (SSL). Enforcing TLS connections between your database server and your client applications helps protect against "man in the middle" attacks by encrypting the data stream between the server and your application. In the Azure portal, ensure "Enforce SSL connection" is enabled for all of your MariaDB instances.
 
 How to configure encryption in transit for MariaDB: https://docs.microsoft.com/azure/mariadb/howto-configure-ssl
 
diff --git a/articles/postgresql/security-baseline.md b/articles/postgresql/security-baseline.md
@@ -126,7 +126,7 @@ Understand service tag usage for Azure Database for PostgreSQL: https://docs.mic
 
 - DDoS Protection Standard should be enabled
 
-- Enforce SSL connection should be enabled for PostgreSQL database servers
+- Enforce TLS connection should be enabled for PostgreSQL database servers
 
 How to configure and manage Azure Policy: https://docs.microsoft.com/azure/governance/policy/tutorials/create-and-manage
 
@@ -521,7 +521,7 @@ Understand customer data protection in Azure: https://docs.microsoft.com/azure/s
 
 ### 4.4: Encrypt all sensitive information in transit
 
-**Guidance**: Azure Database for PostgreSQL supports connecting your PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against "man in the middle" attacks by encrypting the data stream between the server and your application. In the Azure portal, ensure "Enforce SSL connection" is enabled for all of your Azure Database for PostgreSQL instances by default.
+**Guidance**: Azure Database for PostgreSQL supports connecting your PostgreSQL server to client applications using Transport Layer Security (TLS), previously known as Secure Sockets Layer (SSL). Enforcing TLS connections between your database server and your client applications helps protect against "man in the middle" attacks by encrypting the data stream between the server and your application. In the Azure portal, ensure "Enforce SSL connection" is enabled for all of your Azure Database for PostgreSQL instances by default.
 
 Currently the TLS version supported for Azure Database for PostgreSQL are TLS 1.0, TLS 1.1, TLS 1.2.
 
@@ -790,7 +790,7 @@ How to configure Conditional Access to block access to Azure Resource Manager: h
 
 **Guidance**: Define and implement standard security configurations for your Azure Database for PostgreSQL instances with Azure Policy. Use Azure Policy aliases in the "Microsoft.DBforPostgreSQL" namespace to create custom policies to audit or enforce the network configuration of your Azure Database for PostgreSQL instances. You may also make use of built-in policy definitions related to your Azure Database for PostgreSQL instances, such as:
 
-- Enforce SSL connection should be enabled for PostgreSQL database servers
+- Enforce TLS connection should be enabled for PostgreSQL database servers
 
 - Log connections should be enabled for PostgreSQL database servers
 
diff --git a/articles/security/benchmarks/security-control-network-security.md b/articles/security/benchmarks/security-control-network-security.md
@@ -140,7 +140,7 @@ https://docs.microsoft.com/azure/firewall/threat-intel
 |--|--|--|
 | 1.7 | 12.9, 12.10 | Customer |
 
-Deploy Azure Application Gateway for web applications with HTTPS/SSL enabled for trusted certificates.
+Deploy Azure Application Gateway for web applications with HTTPS/TLS enabled for trusted certificates.
 
 How to deploy Application Gateway:
 
