rspec/rules/S5326/description.adoc

Validating SSL/TLS connections is security-sensitive. For example, it has led in the past to the following vulnerabilities:

* https://nvd.nist.gov/vuln/detail/CVE-2014-5531[CVE-2014-5531]
* https://nvd.nist.gov/vuln/detail/CVE-2014-5524[CVE-2014-5524]
* https://nvd.nist.gov/vuln/detail/CVE-2014-5574[CVE-2014-5574]

SSL/TLS protocols encrypt network connections. The server usually provides a digital certificate to prove its identity. Accepting all SSL/TLS certificates makes your application vulnerable to https://www.owasp.org/index.php/Man-in-the-middle_attack[Man-in-the-middle attacks (MITM)].
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`Validating SSL/TLS connections is security-sensitive. For example, it has led in the past to the following vulnerabilities:`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`* https://nvd.nist.gov/vuln/detail/CVE-2014-5531[CVE-2014-5531]`
			`* https://nvd.nist.gov/vuln/detail/CVE-2014-5524[CVE-2014-5524]`
			`* https://nvd.nist.gov/vuln/detail/CVE-2014-5574[CVE-2014-5574]`

			`SSL/TLS protocols encrypt network connections. The server usually provides a digital certificate to prove its identity. Accepting all SSL/TLS certificates makes your application vulnerable to https://www.owasp.org/index.php/Man-in-the-middle_attack[Man-in-the-middle attacks (MITM)].`