Alibaba Cloud Cipher Policy is not secured
Description
This policy ensures that Alibaba Cloud SLB (Server Load Balancer) TLS cipher policies are secure. Specifically, it ensures that only secure versions of TLS (Transport Layer Security) are used by disallowing the use of TLSv1.0 and TLSv1.1. Using outdated TLS versions presents security vulnerabilities that can be exploited, compromising the security of data in transit.
Failing to enforce secure TLS versions can result in insecure connections, leaving data susceptible to interception and decryption by attackers.
Code Example
```diff
resource "alicloud_slb_tls_cipher_policy" "example" {
...
- tls_versions = ["TLSv1.1"]
+ tls_versions = ["TLSv1.2", "TLSv1.3"]
}
```
Remediation
Terraform
- Resource: alicloud_slb_tls_cipher_policy
- Attribute: tls_versions
To mitigate this issue, ensure that the `tls_versions` attribute in the `alicloud_slb_tls_cipher_policy` resource does not include `TLSv1.0` or `TLSv1.1`.
Example:
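One way to enforce this before apply, as an added example that is not part of the original page or Checkov's own code: it walks the JSON produced by `terraform show -json` and reports every `alicloud_slb_tls_cipher_policy` whose `tls_versions` includes `TLSv1.0` or `TLSv1.1`, including resources inside child modules. The sample plan, the resource addresses and the `<unresolved>` marker are constructed assumptions.

```python
import json  # real use: plan = json.load(open("plan.json")) from `terraform show -json`

WEAK_VERSIONS = {"TLSv1.0", "TLSv1.1"}
RESOURCE_TYPE = "alicloud_slb_tls_cipher_policy"

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "alicloud_slb_tls_cipher_policy.legacy", "type": RESOURCE_TYPE,
         "values": {"tls_versions": ["TLSv1.1", "TLSv1.2"]}},
        {"address": "alicloud_slb_tls_cipher_policy.modern", "type": RESOURCE_TYPE,
         "values": {"tls_versions": ["TLSv1.2", "TLSv1.3"]}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.edge.alicloud_slb_tls_cipher_policy.unset",
         "type": RESOURCE_TYPE, "values": {}},
    ]}],
}}}


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_weak_policies(plan):
    """Return {address: [weak versions]} for cipher policies that fail the rule."""
    findings = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        versions = (res.get("values") or {}).get("tls_versions")
        if not versions:
            # Value not known at plan time or absent: flag for manual review.
            findings[res["address"]] = ["<unresolved>"]
            continue
        weak = sorted(WEAK_VERSIONS.intersection(versions))
        if weak:
            findings[res["address"]] = weak
    return findings


if __name__ == "__main__":
    for address, weak in find_weak_policies(SAMPLE_PLAN).items():
        print(f"FAIL {address}: {', '.join(weak)}")
```

A policy that lists a weak version alongside a strong one still fails, because the load balancer will negotiate the weak version with any client that offers it.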
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0033 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_ALI_33 |