Older versions of SSL/TLS protocol like "SSLv3" have been proven to be insecure.

This rule raises an issue when an SSL/TLS context is created with an insecure protocol version, i.e. when one of the following constants is detected in the code:

* ``++OpenSSL.SSL.SSLv3_METHOD++`` (Use instead ``++OpenSSL.SSL.TLSv1_2_METHOD++``)
* ``++ssl.PROTOCOL_SSLv3++`` (Use instead ``++ssl.PROTOCOL_TLSv1_2++``)

Protocol versions different from TLSv1.2 and  TLSv1.3 are considered insecure.

== Noncompliant Code Example

----
from OpenSSL import SSL

SSL.Context(SSL.SSLv3_METHOD)  # Noncompliant
----

----
import ssl

ssl.SSLContext(ssl.PROTOCOL_SSLv3) # Noncompliant
----

== Compliant Solution

----
from OpenSSL import SSL

SSL.Context(SSL.TLSv1_2_METHOD)  # Compliant
----

----
import ssl

ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) # Compliant
----

include::../see.adoc[]

ifdef::rspecator-view[]
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]
endif::rspecator-view[]