Inadequate encryption strength
Description
The application enables insecure TLS protocol versions. Only TLSv1.2, TLSv1.3, DTLSv1.2, and DTLSv1.3 should be allowed. Enforcing TLS 1.2 as the minimum protocol version and disallowing older versions mitigates potential security risks.
Examples
Insecure Code
kotlin
SSLContext tlsContext = SSLContext.getInstance("TLSv1.0");Secure Code
kotlin
SSLContext tlsContext = SSLContext.getInstance("TLSv1.2");Remediation
Explicitly define a secure configuration by setting the enabled protocols to TLSv1.2, TLSv1.3, DTLSv1.2, or DTLSv1.3 when creating an SSLContext.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0311 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-326 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | insecure protocol, TLS version |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |