67 lines
2.1 KiB
Plaintext
67 lines
2.1 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
== Noncompliant Code Example
|
|
|
|
``++javax.net.ssl.SSLContext++`` library:
|
|
|
|
[source,java]
|
|
----
|
|
context = SSLContext.getInstance("TLSv1.1"); // Noncompliant
|
|
----
|
|
|
|
https://square.github.io/okhttp/[okhttp] library:
|
|
|
|
[source,java]
|
|
----
|
|
ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
|
|
.tlsVersions(TlsVersion.TLS_1_1) // Noncompliant
|
|
.build();
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
``++javax.net.ssl.SSLContext++`` library:
|
|
|
|
[source,java]
|
|
----
|
|
context = SSLContext.getInstance("TLSv1.2"); // Compliant
|
|
----
|
|
|
|
https://square.github.io/okhttp/[okhttp] library:
|
|
|
|
[source,java]
|
|
----
|
|
ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
|
|
.tlsVersions(TlsVersion.TLS_1_2) // Compliant
|
|
.build();
|
|
----
|
|
|
|
== See
|
|
|
|
* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures
|
|
* https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[OWASP Top 10 2021 Category A7] - Identification and Authentication Failures
|
|
* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
|
|
* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
|
|
* https://cwe.mitre.org/data/definitions/326[MITRE, CWE-327] - Inadequate Encryption Strength
|
|
* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-326] - Use of a Broken or Risky Cryptographic Algorithm
|
|
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
|
|
* https://blogs.oracle.com/java-platform-group/diagnosing-tls,-ssl,-and-https[Diagnosing TLS, SSL, and HTTPS]
|
|
* https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices#22-use-secure-protocols[SSL and TLS Deployment Best Practices - Use secure protocols]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
include::../highlighting.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|