Security Test: TLS Configuration

Description

Default Severity:

If TLS is set up incorrectly, data that should be encrypted might not be fully protected, letting attackers snoop on or even tamper with information. Mistakes occur when developers use outdated protocols or weak ciphers, misconfigure certificate checks, or use certificates improperly, turning what should be a secure connection into a vulnerable one. If these missteps aren't caught, attackers might impersonate servers or force weaker encryption, putting sensitive data like user credentials at risk. It's an easy trap: cutting corners on TLS configuration can leave data in transit open to interception and fraud.
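The mistakes listed above, shown as a client-side audit of a Python `ssl.SSLContext` with a misconfigured context beside a hardened one. This is an added example, not the scanner's own logic; the function names, finding labels and the `WEAK_MARKERS` list are assumptions made for the illustration.

```python
import ssl
import warnings

# Substrings of OpenSSL cipher names treated as weak here (this example's assumption).
WEAK_MARKERS = ("RC4", "DES", "NULL", "EXP", "MD5", "ADH", "AECDH")


def weak_ciphers(names):
    """Return the cipher names that contain a weak-algorithm marker."""
    return [n for n in names if any(m in n for m in WEAK_MARKERS)]


def audit_context(ctx):
    """List the misconfigurations named in the description that ctx exhibits."""
    findings = []
    floor = ctx.minimum_version
    # MINIMUM_SUPPORTED means no floor was pinned; anything under TLS 1.2 is outdated.
    if floor != ssl.TLSVersion.MAXIMUM_SUPPORTED and floor < ssl.TLSVersion.TLSv1_2:
        findings.append("outdated-protocol")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate-not-verified")
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    if weak_ciphers(c["name"] for c in ctx.get_ciphers()):
        findings.append("weak-ciphers")
    return findings


def misconfigured_context():
    """Client context with the mistakes the description lists (the 'before')."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # any certificate name is accepted
    ctx.verify_mode = ssl.CERT_NONE       # certificate chain is never validated
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = ssl.TLSVersion.TLSv1   # outdated protocol allowed
    return ctx


def hardened_context():
    """Client context with verification on, a TLS 1.2 floor and AEAD suites (the 'after')."""
    ctx = ssl.create_default_context()    # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


if __name__ == "__main__":
    print("misconfigured:", audit_context(misconfigured_context()))
    print("hardened:     ", audit_context(hardened_context()))
```

Whether the misconfigured context also reports `weak-ciphers` depends on the cipher suites the local OpenSSL build enables by default.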

Reference:

Configuration

Identifier: protocol/tls_configuration_protocol

Examples

All configuration available:

checks:
  protocol/tls_configuration_protocol:
    skip: false # default

Compliance and Standards

| Standard | Value |
| --- | --- |
| OWASP API Top 10 | API8:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 4.1 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| PSD2 | Article-95 |
| ISO 27001 | A.10.1 |
| NIST | SP800-52 |
| FedRAMP | SC-8 |
| CWE | 319 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| CVSS Score | 7.5 |