rspec/rules/S4423/java/rule.adoc

include::../summary.adoc[]

== Why is this an issue?

include::../rationale.adoc[]

include::../impact.adoc[]

// How to fix it section

include::how-to-fix-it/java-cryptography-extension.adoc[]

include::how-to-fix-it/okhttp.adoc[]

== Resources

include::../common/resources/docs.adoc[]

include::../common/resources/articles.adoc[]

include::../common/resources/presentations.adoc[]

include::../common/resources/standards.adoc[]

* OWASP - https://mobile-security.gitbook.io/masvs/security-requirements/0x08-v3-cryptography_verification_requirements[Mobile AppSec Verification Standard - Cryptography Requirements]
* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography]
* CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm]
* https://wiki.sei.cmu.edu/confluence/x/hDdGBQ[CERT, MSC61-J.] - Do not use insecure or weak cryptographic algorithms

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

=== Highlighting

`SSLContext.getInstance` invocation

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]