gitlab.bandit.B502.B503

An insecure SSL version was detected. TLS versions 1.0, 1.1, and all SSL versions are considered weak encryption and are deprecated. Use 'ssl.PROTOCOL_TLSv1_2' or higher.

Definition

rules:
  - id: bandit.B502.B503
    patterns:
      - pattern-either:
          - pattern: ssl.PROTOCOL_SSLv2
          - pattern: ssl.PROTOCOL_SSLv3
          - pattern: ssl.PROTOCOL_TLSv1
          - pattern: ssl.PROTOCOL_TLSv1_1
          - pattern: pyOpenSSL.SSL.SSLv2_METHOD
          - pattern: pyOpenSSL.SSL.SSLv23_METHOD
          - pattern: pyOpenSSL.SSL.SSLv3_METHOD
          - pattern: pyOpenSSL.SSL.TLSv1_METHOD
          - pattern: pyOpenSSL.SSL.TLSv1_1_METHOD
    message: >
      An insecure SSL version was detected. TLS versions 1.0, 1.1, and all SSL
      versions are considered weak encryption and are deprecated.
      Use 'ssl.PROTOCOL_TLSv1_2' or higher.
    metadata:
      cwe: "CWE-326: Inadequate Encryption Strength"
      owasp: "A3: Sensitive Data Exposure"
      license: MIT
    severity: WARNING
    languages:
      - python
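
The following is an added example, not part of the rule or of the registry's own code: a small AST check that mirrors the rule's four `ssl.PROTOCOL_*` patterns over a constructed sample, next to a replacement context. The helper names (`find_weak_protocols`, `hardened_client_context`) and the sample source are assumptions; the replacement uses `ssl.create_default_context` with `minimum_version` instead of a fixed-version constant, so TLS 1.3 is still negotiated where available.

```python
import ast
import ssl

# The stdlib ssl constants matched by the rule above.
WEAK_SSL_CONSTANTS = {
    "PROTOCOL_SSLv2", "PROTOCOL_SSLv3", "PROTOCOL_TLSv1", "PROTOCOL_TLSv1_1",
}

# Constructed sample source: line 2 is flagged, lines 3-4 are the replacement.
SAMPLE = '''\
import ssl
legacy = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
modern = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
modern.minimum_version = ssl.TLSVersion.TLSv1_2
'''


def find_weak_protocols(source):
    """Return sorted (line, constant) pairs for each ssl.<weak constant> use.

    Only the literal module name `ssl` is matched; aliased imports
    (e.g. `import ssl as s`) are not resolved in this sketch.
    """
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Attribute)
                and isinstance(node.value, ast.Name)
                and node.value.id == "ssl"
                and node.attr in WEAK_SSL_CONSTANTS):
            hits.append((node.lineno, node.attr))
    return sorted(hits)


def hardened_client_context(cafile=None):
    """Client context that verifies the peer and refuses TLS 1.0/1.1 and SSL."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    for line, name in find_weak_protocols(SAMPLE):
        print(f"line {line}: ssl.{name} is a deprecated protocol version")
    print("minimum version:", hardened_client_context().minimum_version.name)
```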