🎉 add references to testssl #12045

Merged: 1 commit, Mar 25, 2025

manuel-sommer
Contributor

This PR adds references to TLS ciphers with TLS version >= 1.0
examples:
https://ciphersuite.info/cs/TLS_RSA_WITH_AES_256_CBC_SHA/
https://ciphersuite.info/cs/TLS_RSA_WITH_RC4_128_MD5/


DryRun Security Summary

A patch was added to the testssl parser to generate TLS cipher suite references, identifying and documenting various weak and deprecated SSL/TLS cipher configurations with associated security risks.

  1. Summary: A patch adding TLS cipher suite reference generation in the testssl parser, introducing a new unit test and a reference CSV file for SSL/TLS cipher configurations.

  2. Security Findings:

  • Weak/deprecated cipher suites identified in references.csv, including:
    • SSLv2 and SSLv3 cipher suites (considered insecure)
    • Weak cryptographic protocols like RC4 and 3DES
    • Entries with CWE-327 (Broken/Weak Cryptography) and CWE-310 (Cryptographic Issues)
  • HIGH severity risks from RC4-based cipher suites
  • MEDIUM severity risks from 3DES cipher suites
  • Multiple insecure protocol versions represented (SSLv2, SSLv3, TLS 1.0, 1.1, 1.2)

Contributor

@mtesauro mtesauro left a comment

Approved

@Maffooch Maffooch merged commit e0564ef into DefectDojo:bugfix Mar 25, 2025
76 checks passed
@manuel-sommer manuel-sommer deleted the testssl_ref branch March 25, 2025 20:03