Insecure encryption algorithm - SSL/TLS
Description
The server accepts connections over deprecated SSL/TLS protocol versions (SSLv2, SSLv3, TLS 1.0 or TLS 1.1), which carry known cryptographic weaknesses and have been retired by the IETF (RFC 6176, RFC 7568 and RFC 8996).
Impact
Disclosure or tampering of sensitive information in transit between client and server: an attacker in a man-in-the-middle position can force the connection down to a legacy version and exploit its known weaknesses (for example POODLE against SSLv3) to decrypt or alter traffic.
Recommendation
Disable SSLv2, SSLv3, TLS 1.0 and TLS 1.1 on the server and accept only TLS 1.2 and, where possible, TLS 1.3. If a legacy client still depends on an old version, fix the client rather than lowering the server's minimum version.
Threat
Unauthenticated attacker on an adjacent network, positioned to intercept or modify traffic between client and server.
Expected Remediation Time
⏱️ 100 minutes.
Details
SSL (Secure Sockets Layer) and its successor, TLS (Transport Layer Security), are protocols for establishing authenticated and encrypted links between networked computers.
The most common and well-known use of SSL/TLS is secure web browsing via the HTTPS protocol. Users visiting an HTTPS website can be assured of:
Authenticity: the server presenting the certificate holds the private key that matches the public key in the certificate.
Integrity: data exchanged over the connection (e.g. web pages) cannot be altered in transit by a man in the middle without detection.
Encryption: communications between the client and server are encrypted.
Each of these guarantees depends on the negotiated protocol version and cipher suite being sound; a legacy version weakens them even when the server presents a valid certificate.
Because of these properties, SSL/TLS and HTTPS allow users to securely transmit confidential information such as credit card numbers, social security numbers, and login credentials over the internet, and be sure that the website they are sending them to is authentic.
With an insecure HTTP website, this data is sent in plain text, readable by any eavesdropper with access to the traffic. Furthermore, users of such unprotected websites have no trusted third-party assurance that the site they are visiting is what it claims to be.
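The server-side control that the recommendation above calls for, shown as an added example that is not part of this page or of any product it names: a Go program using the standard crypto/tls package that runs three handshakes over an in-memory pipe, first against a server whose MinVersion is TLS 1.0 (the weak configuration this finding describes) and then against a server whose MinVersion is TLS 1.2. The self-signed certificate, the client and server configurations and the function names are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newTestCert creates a throwaway self-signed ECDSA certificate for "localhost"
// so the handshakes below run entirely in memory. Constructed fixture only.
func newTestCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "localhost"},
		DNSNames:     []string{"localhost"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// serverConfig builds the server side. MinVersion is the control this finding is about:
// tls.VersionTLS10 reproduces the weak configuration, tls.VersionTLS12 is the fix.
func serverConfig(cert tls.Certificate, minVersion uint16) *tls.Config {
	return &tls.Config{
		Certificates:           []tls.Certificate{cert},
		MinVersion:             minVersion,
		SessionTicketsDisabled: true, // no post-handshake writes on the synchronous in-memory pipe
	}
}

// clientConfig builds a client that offers only the versions in [minVersion, maxVersion].
func clientConfig(pool *x509.CertPool, minVersion, maxVersion uint16) *tls.Config {
	return &tls.Config{
		RootCAs:    pool,
		ServerName: "localhost",
		MinVersion: minVersion,
		MaxVersion: maxVersion,
	}
}

// handshake runs one TLS handshake over net.Pipe and returns the negotiated
// protocol version, or an error if the two sides could not agree on one.
func handshake(srvCfg, cliCfg *tls.Config) (uint16, error) {
	cliRaw, srvRaw := net.Pipe()
	defer cliRaw.Close()
	defer srvRaw.Close()
	_ = cliRaw.SetDeadline(time.Now().Add(5 * time.Second)) // a stuck handshake fails, not hangs
	_ = srvRaw.SetDeadline(time.Now().Add(5 * time.Second))
	srv := tls.Server(srvRaw, srvCfg)
	cli := tls.Client(cliRaw, cliCfg)
	srvCh := make(chan error, 1)
	go func() { srvCh <- srv.Handshake() }()
	cliErr := cli.Handshake()
	if srvErr := <-srvCh; srvErr != nil || cliErr != nil {
		return 0, fmt.Errorf("handshake failed: server=%v client=%v", srvErr, cliErr)
	}
	return cli.ConnectionState().Version, nil
}

func main() {
	cert, pool, err := newTestCert()
	if err != nil {
		panic(err)
	}
	legacy := clientConfig(pool, tls.VersionTLS10, tls.VersionTLS11) // client stuck on TLS 1.0/1.1
	modern := clientConfig(pool, tls.VersionTLS12, tls.VersionTLS13)
	report := func(name string, srv, cli *tls.Config) {
		if v, err := handshake(srv, cli); err != nil {
			fmt.Printf("%s: rejected (%v)\n", name, err)
		} else {
			fmt.Printf("%s: negotiated 0x%04x\n", name, v)
		}
	}
	report("weak server (min TLS 1.0), legacy client", serverConfig(cert, tls.VersionTLS10), legacy)
	report("fixed server (min TLS 1.2), legacy client", serverConfig(cert, tls.VersionTLS12), legacy)
	report("fixed server (min TLS 1.2), modern client", serverConfig(cert, tls.VersionTLS12), modern)
}
```

Run it with go run: the weak server accepts the TLS 1.0/1.1-only client at TLS 1.1 (0x0302), the fixed server refuses that client with a protocol-version alert, and a current client still negotiates TLS 1.3 (0x0304) against the fixed server. The equivalent check against a deployed server is openssl s_client -connect host:443 -tls1_1, which must fail once the fix is in place.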
Requirements
148 - Set minimum size of asymmetric encryption
149 - Set minimum size of symmetric encryption
150 - Set minimum size for hash functions
181 - Transmit data using secure protocols
336 - Disable insecure TLS versions
Rules
Aws Instance Tls Disabled
Aws Virtual Gateway Tls Disabled
Aws Insecure Ssl Cipher
Aws Broker Broker Tls Disabled
Aws Opensearch Insecure Tls Version
Aws Api Gateway Insecure Tls Version
Aws Docdb Cluster Tls Disabled
Aws Insecure Protocols
Aws Insecure Ssl Protocol
Aws Client Broker Tls Disabled
Aws Insecure Security Policy
Aws Cluster Tls Disabled
Ssl Tls Refuses Tls1 2 Plus
Ssl Tls Server Vulnerable To Freak Attacks
Ssl Tls Server Vulnerable To Heartbleed Attacks
Ssl Tls Server Accepts Tlsv1 1 Connections
Ssl Tls Server Accepts Sslv3 Connections
Ssl Tls Server Accepts Tlsv1 Connections
Ssl Tls Fallback Scsv Not Handled Correctly
Ssl Tls Server Allows Tlsv1 3 Downgrade
Terraform Outdated Or Missing Tls Policy
Json Tls Minimum Api
Terraform Mysql Ssl Enforcement Disabled
Json Yaml Outdated Tls Protocols Enabled
Terraform Insecure Tls Version Linux
Terraform Outdated Tls Versions
Go Insecure Tls Configuration
Json Yaml Outdated Or Missing Tls
Scala Deprecated Defaulthttpclient Use
C Sharp Servicepointmanager Security Protocols Disabled
Terraform Insecure Tls Version
Swift Weak Tls Configuration
Terraform Backend Tls10 Enabled
Terraform Outdated Min Tls Version
Javascript Outdated Tls Versions Enabled
Java Outdated Tls Versions Enabled
Kotlin Deprecated Default Http Client Used
Terraform Insecure Tls Version Postgresql
Terraform Non Ssl Port Enabled True
C Sharp Sas Protocol Allows Http
Typescript Outdated Tls Versions Enabled
Terraform Ssl Enforcement Disabled
C Sharp Revocation Check Disabled
C Sharp Outdated Tls Versions Enabled
Php Outdated Tls11 Enabled
Java Deprecated Default Http Client Used
Terraform Frontend Allows Ssl30