Inadequate encryption strength
Description
A `DefaultHttpClient` created with the default constructor is not compatible with TLS 1.2.
Examples
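Insecure Code
```scala
import org.apache.http.impl.client.DefaultHttpClient
val client = new DefaultHttpClient()
```
Secure Code
```scala
import org.apache.http.impl.client.HttpClientBuilder
val client = HttpClientBuilder.create().build()
```
Remediation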
Use the `HttpClientBuilder` to create an instance of `CloseableHttpClient` with TLS 1.2 support.
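The following is an added example, not part of the rule's own code, and it goes one step beyond the remediation by pinning the enabled protocol explicitly instead of relying on the builder's defaults. It assumes Apache HttpClient 4.4 or later on the classpath; the object name `Tls12Client` and the URL are placeholders.

```scala
import org.apache.http.client.methods.HttpGet
import org.apache.http.conn.ssl.SSLConnectionSocketFactory
import org.apache.http.impl.client.{CloseableHttpClient, HttpClientBuilder}
import org.apache.http.ssl.SSLContexts

// Hypothetical helper object, named for this example only.
object Tls12Client {
  // Protocols offered in the handshake; SSLv3, TLS 1.0 and TLS 1.1 are left out.
  // A protocol name the running JVM does not support is rejected at connect time.
  val enabledProtocols: Array[String] = Array("TLSv1.2")

  def build(): CloseableHttpClient = {
    val socketFactory = new SSLConnectionSocketFactory(
      SSLContexts.createDefault(),                              // JVM default trust store
      enabledProtocols,
      null: Array[String],                                      // keep the JVM's default cipher suites
      SSLConnectionSocketFactory.getDefaultHostnameVerifier())  // hostname verification stays on
    HttpClientBuilder.create()
      .setSSLSocketFactory(socketFactory)
      .build()
  }

  def main(args: Array[String]): Unit = {
    val client = build()
    try {
      // Placeholder URL; a server that only speaks older protocols fails the handshake here.
      val response = client.execute(new HttpGet("https://example.com/"))
      try println(response.getStatusLine)
      finally response.close()
    } finally client.close()
  }
}
```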
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0024 |
| Category | InsecureConfig |
| Severity | MEDIUM |
| CWE | CWE-326 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | TLS, encryption |
| OWASP | N/A |