2020-06-30 12:49:37 +02:00
Older versions of SSL/TLS protocol like "SSLv3" have been proven to be insecure.
2021-02-02 15:02:10 +01:00
2020-06-30 12:49:37 +02:00
This rule raises an issue when an SSL/TLS context is created with an insecure protocol version, i.e. when one of the following constants is detected in the code:
2020-06-30 14:49:38 +02:00
2021-01-27 13:42:22 +01:00
* ``++OpenSSL.SSL.SSLv3_METHOD++`` (Use instead ``++OpenSSL.SSL.TLSv1_2_METHOD++``)
* ``++ssl.PROTOCOL_SSLv3++`` (Use instead ``++ssl.PROTOCOL_TLSv1_2++``)
2020-06-30 12:49:37 +02:00
Protocol versions different from TLSv1.2 and TLSv1.3 are considered insecure.
== Noncompliant Code Example
----
from OpenSSL import SSL
SSL.Context(SSL.SSLv3_METHOD) # Noncompliant
----
----
import ssl
ssl.SSLContext(ssl.PROTOCOL_SSLv3) # Noncompliant
----
== Compliant Solution
----
from OpenSSL import SSL
SSL.Context(SSL.TLSv1_2_METHOD) # Compliant
----
----
import ssl
ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) # Compliant
----
include::../see.adoc[]
2021-06-02 20:44:38 +02:00
2021-06-03 09:05:38 +02:00
ifdef::env-github,rspecator-view[]
2021-06-08 15:52:13 +02:00
'''
2021-06-02 20:44:38 +02:00
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
2021-06-03 09:05:38 +02:00
endif::env-github,rspecator-view[]
