Protocol: TLS Configuration Ciphers

Identifier: tls_configuration_cipher

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

If you use weak or outdated ciphers in your TLS setup, you expose your data to potential attackers. Even when data is encrypted, a poorly configured cipher suite can allow an attacker to break the encryption and read or alter sensitive information such as login credentials. This risk typically arises when defaults are used blindly or when outdated protocols are not updated. The impact is serious: an attacker could intercept communications, impersonate servers, or even manipulate data without being detected. That's why it's crucial to carefully select strong, modern ciphers and keep your configurations up to date.
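
A name-based audit for the kind of weak suites described above, next to a server context restricted to strong ones. This is an added example, not part of the original page and not the scanner's own logic; the REASONS token list, the LEGACY_OFFER sample and the function names are assumptions made for illustration, and hardened_context uses Python's standard ssl module.

```python
import re
import ssl

# Assumed rule set for this example: name tokens that mark a suite as weak.
REASONS = {
    "NULL": "no encryption",
    "EXP": "export-grade key length",
    "EXPORT": "export-grade key length",
    "RC2": "obsolete cipher (RC2)",
    "RC4": "broken stream cipher (RC4)",
    "DES": "DES/3DES 64-bit block cipher",
    "3DES": "DES/3DES 64-bit block cipher",
    "CBC3": "DES/3DES 64-bit block cipher",
    "MD5": "MD5-based MAC",
    "ADH": "anonymous key exchange",
    "AECDH": "anonymous key exchange",
    "ANON": "anonymous key exchange",
}

def weaknesses(suite):
    """Return sorted reasons a suite name (IANA or OpenSSL style) is weak."""
    tokens = re.split(r"[-_]", suite.upper())
    return sorted({REASONS[t] for t in tokens if t in REASONS})

def audit(suites):
    """Map each weak suite name to its reasons; strong suites are omitted."""
    return {s: w for s in suites if (w := weaknesses(s))}

def hardened_context():
    """Server context limited to TLS 1.2+ with forward-secret AEAD suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx

# Constructed sample: suites a legacy endpoint might still offer.
LEGACY_OFFER = [
    "TLS_RSA_WITH_RC4_128_MD5",
    "DES-CBC3-SHA",
    "EXP-RC4-MD5",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for suite, why in audit(LEGACY_OFFER).items():
        print(f"WEAK  {suite}: {', '.join(why)}")
    print("hardened:", audit(c["name"] for c in hardened_context().get_ciphers()))
```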

Configuration

Example

Example configuration:

---
security_tests:
  tls_configuration_cipher:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.