Security Test: TLS Configuration Server Preferences

Description

Default Severity:

When a server's TLS configuration is not properly managed, it may use outdated or weak settings that expose sensitive data in transit. Even with encryption in place, misconfigurations such as accepting insecure protocol versions or cipher suites, or failing to validate certificates properly, can let an attacker intercept or alter the data. Developers often run into trouble by relying on default settings or overlooking certificate management, which can lead to man-in-the-middle attacks or unauthorized data access. Left uncorrected, this weakens both the confidentiality and integrity of user data.
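The description above lists the hardening a server owner is expected to apply: no legacy protocol versions, no weak cipher suites, and a configuration that does not silently fall back to library defaults. The following is an added example, not code from the original page or from the tool that runs this check. It uses Python's standard ssl module to build two server-side TLS contexts, one that leaves the legacy knobs open and one that is hardened, and runs a small audit over each. The audit rules (minimum TLS 1.2, server-enforced cipher ordering, compression disabled, forward-secrecy-only suites, no legacy algorithms) and the cipher string are the author's assumptions about what a reasonable baseline looks like, not the scanner's own logic.

```python
import ssl

# Substrings that mark legacy or broken algorithms in an OpenSSL cipher name.
# This list is an assumption of the example, not a standard.
LEGACY_MARKERS = ("RC4", "3DES", "DES-CBC", "NULL", "EXP", "MD5")


def legacy_server_context() -> ssl.SSLContext:
    """A deliberately permissive server context: legacy protocol versions allowed,
    default cipher list kept, and server cipher preference switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Allow TLS 1.0 handshakes (the kind of "keep old clients working" choice
    # the check description warns about).
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    # Let the client, not the server, decide which suite wins the negotiation.
    ctx.options = ctx.options & ~int(ssl.OP_CIPHER_SERVER_PREFERENCE)
    return ctx


def hardened_server_context() -> ssl.SSLContext:
    """A server context that pins the protocol floor, enforces the server's own
    cipher order, disables compression and offers only forward-secret AEAD suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE | ssl.OP_NO_COMPRESSION
    # Cipher string is an assumption of the example: ECDHE/DHE key exchange with
    # AES-GCM or ChaCha20-Poly1305 only. TLS 1.3 suites are governed separately
    # by OpenSSL and are always forward secret.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM")
    return ctx


def _has_forward_secrecy(cipher: dict) -> bool:
    """TLS 1.3 suites are always (EC)DHE; for TLS 1.2 rely on the name prefix."""
    if cipher["protocol"] == "TLSv1.3":
        return True
    return cipher["name"].startswith(("ECDHE", "DHE"))


def audit_server_context(ctx: ssl.SSLContext) -> list[str]:
    """Return a list of human-readable findings; an empty list means the context
    satisfies every rule of this (assumed) baseline."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"minimum protocol version too low: {ctx.minimum_version.name}")
    if not ctx.options & ssl.OP_CIPHER_SERVER_PREFERENCE:
        findings.append("server cipher preference not enforced (client order wins)")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression not disabled")
    for cipher in ctx.get_ciphers():
        name = cipher["name"]
        if any(marker in name for marker in LEGACY_MARKERS):
            findings.append(f"legacy cipher suite offered: {name}")
        elif not _has_forward_secrecy(cipher):
            findings.append(f"cipher suite without forward secrecy offered: {name}")
    return findings


if __name__ == "__main__":
    for label, builder in (("legacy", legacy_server_context),
                           ("hardened", hardened_server_context)):
        print(f"[{label}]")
        for finding in audit_server_context(builder()) or ["no findings"]:
            print("  -", finding)
```

Running the script prints the findings for each context. The same audit function can be pointed at the context an application actually hands to its listener, which is a cheap way to catch the "relied on defaults" case before a scanner does; note that it inspects local configuration only and never performs a handshake.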

Reference:

Configuration

Identifier: protocol/tls_configuration_server_pref

Examples

All configuration available:

checks:
  protocol/tls_configuration_server_pref:
    skip: false # default

Compliance and Standards

Standard           Value
OWASP API Top 10   API8:2023
OWASP LLM Top 10   LLM06:2023
PCI DSS            4.1
GDPR               Article-32
SOC2               CC6
PSD2               Article-95
ISO 27001          A.10.1
NIST               SP800-52
FedRAMP            SC-8
CWE                319
CVSS Vector        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS Score         5.3