Inadequate encryption strength
Description
The application was found calling `ssl.wrap_socket` without a TLS protocol version specified. `ssl.wrap_socket` has been deprecated since Python 3.7. It is strongly recommended that newer applications use TLS 1.2 or 1.3 and `SSLContext.wrap_socket`.
Examples
Insecure Code

```python
# Deprecated module-level helper: no protocol floor and no certificate
# verification unless the caller remembers to configure both.
ssl.wrap_socket(sock)
```

Secure Code

```python
import ssl
context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
with context.wrap_socket(sock, server_hostname="www.example.org") as tls_sock:
    tls_sock.sendall(b"GET / HTTP/1.0\r\nHost: www.example.org\r\n\r\n")
```

Remediation
Create a new TLS context and pass in `ssl.PROTOCOL_TLS_CLIENT` for clients or `ssl.PROTOCOL_TLS_SERVER` for servers to the `ssl.SSLContext(...)` `protocol=` argument. When converting the socket to a TLS socket, use the new `SSLContext.wrap_socket` method instead.
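The following is an added example of the remediation above, not code from the rule or from any scanned project; the function names and the `cafile`/`certfile`/`keyfile` parameters are assumptions. It builds client and server contexts with an explicit TLS 1.2 floor and includes a small check that verifies a context meets what this rule asks for. Note that `ssl.wrap_socket` was removed outright in Python 3.12, so code still calling it will fail there.

```python
import socket
import ssl


def make_client_context(cafile=None):
    """Client context: PROTOCOL_TLS_CLIENT enables hostname checking and
    CERT_REQUIRED by default; we additionally pin the floor to TLS 1.2."""
    context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
    context.minimum_version = ssl.TLSVersion.TLSv1_2
    if cafile:
        context.load_verify_locations(cafile=cafile)
    else:
        # PROTOCOL_TLS_CLIENT alone loads no trust store; without this every
        # handshake fails verification.
        context.load_default_certs()
    return context


def make_server_context(certfile, keyfile):
    """Server context with the same TLS 1.2 floor; certfile/keyfile are
    assumed paths to the server's PEM certificate chain and private key."""
    context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_SERVER)
    context.minimum_version = ssl.TLSVersion.TLSv1_2
    context.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return context


def context_is_acceptable(context):
    """Review-time check: modern protocol floor, certificate verification
    required, and hostname checking on (client contexts only pass this)."""
    return (
        context.minimum_version >= ssl.TLSVersion.TLSv1_2
        and context.verify_mode == ssl.CERT_REQUIRED
        and context.check_hostname
    )


def connect_tls(host, port=443, cafile=None):
    """Replacement for ssl.wrap_socket(sock): wrap via the context instead."""
    context = make_client_context(cafile)
    sock = socket.create_connection((host, port))
    # server_hostname drives SNI and the hostname check against the leaf cert
    return context.wrap_socket(sock, server_hostname=host)
```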
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0165 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-326 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | insecure protocol, deprecated function |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |