rspec/rules/S4423/comments-and-links.adoc

=== deprecates: S5326

=== on 5 Mar 2018, 12:04:37 Alexandre Gigleux wrote:
There is no SEI CERT ID for this one in \https://wiki.sei.cmu.edu/confluence/display/java/SEI+CERT+Oracle+Coding+Standard+for+Java

=== on 5 Mar 2018, 13:06:12 Alexandre Gigleux wrote:
See \https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext for the list of protocols supported by ``++SSLContext.getInstance()++``.

=== on 27 Mar 2018, 15:46:54 Pierre-Yves Nicolas wrote:
\[~alexandre.gigleux] There's a different https://docs.oracle.com/javase/9/docs/specs/security/standard-names.html#sslcontext-algorithms[list for java 9] which contains 3 "new" protocols: DTLS, DTLSv1.0 and DTLSv1.2. Should they also be considered as weak?

=== on 27 Mar 2018, 16:42:02 Alexandre Gigleux wrote:
\[~pierre-yves.nicolas]


According to \https://tools.ietf.org/html/rfc7525#page-6 (3.1.2. DTLS Protocol Versions), here is the mapping between DTLS and TLS:


Version 1.0 of DTLS correlates to version 1.1 of TLS

Version 1.2 of DTLS correlates to version 1.2 of TLS


As a consequence, we should consider DTLS and DTLSv1.0 in the "weak" list.


=== on 30 May 2018, 17:00:33 Alexandre Gigleux wrote:
We should generalize this rule to: "Weak SSL protocols should not be used"
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== deprecates: S5326`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 5 Mar 2018, 12:04:37 Alexandre Gigleux wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`There is no SEI CERT ID for this one in \https://wiki.sei.cmu.edu/confluence/display/java/SEI+CERT+Oracle+Coding+Standard+for+Java`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 5 Mar 2018, 13:06:12 Alexandre Gigleux wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			See \https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext for the list of protocols supported by ``++SSLContext.getInstance()++``.

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 27 Mar 2018, 15:46:54 Pierre-Yves Nicolas wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`\[~alexandre.gigleux] There's a different https://docs.oracle.com/javase/9/docs/specs/security/standard-names.html#sslcontext-algorithms[list for java 9] which contains 3 "new" protocols: DTLS, DTLSv1.0 and DTLSv1.2. Should they also be considered as weak?`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 27 Mar 2018, 16:42:02 Alexandre Gigleux wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`\[~pierre-yves.nicolas]`


			`According to \https://tools.ietf.org/html/rfc7525#page-6 (3.1.2. DTLS Protocol Versions), here is the mapping between DTLS and TLS:`


			`Version 1.0 of DTLS correlates to version 1.1 of TLS`

			`Version 1.2 of DTLS correlates to version 1.2 of TLS`


			`As a consequence, we should consider DTLS and DTLSv1.0 in the "weak" list.`



Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 30 May 2018, 17:00:33 Alexandre Gigleux wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`We should generalize this rule to: "Weak SSL protocols should not be used"`