TLS Version Analyzer
Configuration Name: TLSVersion
Description
The TLSVersion analyzer detects the presence of TLS/SSL encryption on a connection and the version of TLS being used. A finding is reported when
- API endpoint uses HTTP instead of HTTPS; or
- API endpoint uses a version of TLS older than TLS 1.2 (such as SSL, TLS 1.0, TLS 1.1).
Faults Reported
Fault Identifier | Title | Summary | Solution | Severity |
---|---|---|---|---|
CWE-757 | Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') | Application either does not use encryption or allows the client to select a TLS version that is not considered the recommended best practice. | Configure application to accept only TLS 1.2 or TLS 1.3. | high |
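
The two rules from the Description and the fix from the Solution column, as an added Python sketch (not the analyzer's own code). The function names, the finding layout and the `api.example.test` URLs are assumptions made for illustration; the version strings are the ones Python's `ssl.SSLSocket.version()` returns.

```python
import ssl
from urllib.parse import urlsplit

# Names as returned by ssl.SSLSocket.version(); only these two pass the check.
ACCEPTED_VERSIONS = {"TLSv1.2", "TLSv1.3"}


def evaluate_endpoint(url, negotiated_version=None):
    """Apply the two rules from the Description; return a finding or None.

    negotiated_version is the protocol name observed on the connection
    (for example from SSLSocket.version()); it is ignored for non-HTTPS URLs.
    """
    scheme = urlsplit(url).scheme.lower()
    if scheme != "https":
        reason = f"endpoint uses {scheme or 'an unknown scheme'} instead of https"
    elif negotiated_version not in ACCEPTED_VERSIONS:
        reason = f"endpoint negotiated {negotiated_version or 'no TLS version'}"
    else:
        return None
    return {"fault": "CWE-757", "severity": "high", "url": url, "reason": reason}


def hardened_server_context():
    """Server-side fix from the Solution column: refuse anything below TLS 1.2."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # maximum_version stays at its default, the highest version OpenSSL supports.
    # ctx.load_cert_chain("server.crt", "server.key")  # hypothetical file names
    return ctx


def context_allows_legacy(ctx):
    """True if the context is configured to permit versions below TLS 1.2."""
    return ctx.minimum_version < ssl.TLSVersion.TLSv1_2


if __name__ == "__main__":
    # Constructed sample observations: (URL, negotiated protocol name).
    samples = [
        ("http://api.example.test/v1/users", None),
        ("https://api.example.test/v1/users", "TLSv1.1"),
        ("https://api.example.test/v1/users", "TLSv1.3"),
    ]
    for url, version in samples:
        print(url, version, "->", evaluate_endpoint(url, version))
    print("legacy allowed:", context_allows_legacy(hardened_server_context()))
```

`context_allows_legacy` can be run against an application's existing `SSLContext` in a unit test so a regression in the minimum version is caught before deployment.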