Security Test: TLS Configuration Ciphers

Description

Default Severity:

If you use weak or outdated ciphers in your TLS setup, you expose your data to potential attackers. Even when data is encrypted, a poorly configured cipher suite can allow an attacker to break the encryption and read or alter sensitive information such as login credentials. This risk typically arises when defaults are used blindly or when outdated protocols are left in use. The impact is serious: an attacker could intercept communications, impersonate servers, or manipulate data without being detected. That is why it is crucial to select strong, modern ciphers carefully and keep your configuration up to date.
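The sketch below is an added example, not part of the scanner or its documentation. It flags weak cipher suites by name and builds a restricted server context with Python's standard ssl module. The token policy, the function names and the sample suite list are assumptions made for illustration.

```python
import re
import ssl

# Assumed policy for this example: name tokens that mark a suite as weak.
WEAK_TOKENS = {
    "NULL": "no encryption",
    "EXP": "export-grade key length",
    "EXPORT": "export-grade key length",
    "RC4": "broken stream cipher",
    "RC2": "obsolete block cipher",
    "DES": "DES/3DES 64-bit block cipher",
    "3DES": "DES/3DES 64-bit block cipher",
    "MD5": "MD5-based MAC",
    "ADH": "anonymous key exchange (no authentication)",
    "AECDH": "anonymous key exchange (no authentication)",
    "ANON": "anonymous key exchange (no authentication)",
}

def weak_reasons(suite):
    """Return why a suite name (OpenSSL or IANA style) is weak; [] if nothing matches."""
    tokens = re.split(r"[-_]", suite.upper())
    return list(dict.fromkeys(WEAK_TOKENS[t] for t in tokens if t in WEAK_TOKENS))

def audit(suites):
    """Map each weak suite name to its reasons; suites with no match are omitted."""
    findings = {}
    for name in suites:
        reasons = weak_reasons(name)
        if reasons:
            findings[name] = reasons
    return findings

def hardened_server_context():
    """Server context limited to TLS 1.2+ and ECDHE key exchange with AEAD ciphers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # TLS 1.3 suites stay enabled
    return ctx

# Constructed sample list mixing OpenSSL-style and IANA-style names.
SAMPLE = ["ECDHE-RSA-AES128-GCM-SHA256", "TLS_AES_256_GCM_SHA384", "DES-CBC3-SHA",
          "EXP-RC4-MD5", "TLS_DH_anon_WITH_AES_128_CBC_SHA", "AECDH-NULL-SHA"]

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE).items():
        print(f"WEAK {name}: {', '.join(reasons)}")
    enabled = [c["name"] for c in hardened_server_context().get_ciphers()]
    print(len(enabled), "suites enabled,", len(audit(enabled)), "flagged weak")
```
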

Reference:

Configuration

Identifier: protocol/tls_configuration_cipher

Examples

All configuration available:

checks:
  protocol/tls_configuration_cipher:
    skip: false # default

Compliance and Standards

| Standard | Value |
| --- | --- |
| OWASP API Top 10 | API8:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 4.1 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| PSD2 | Article-95 |
| ISO 27001 | A.10.1 |
| NIST | SP800-52 |
| FedRAMP | SC-13 |
| CWE | 326 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| CVSS Score | 7.5 |