This repository has been archived by the owner on Sep 11, 2019. It is now read-only.
New Rule: Detect usage of old SSL implementations in the Security Manager #81
I have a big dilemma ..
I'd make it to detect the explicit enablement of old standards.
It would be nice to detect non-enablement of tls12 in .NET prior to 4.5.2,
but as tls12 is enabled by default in 4.6 and up, it's not too bad.
On Aug 18, 2017 22:17, "Philippe Arteau" ***@***.***> wrote:
I have a big dilemma ..
- Should we expect that this setting be defined before every connection.
- Somewhere in the initialization..
Thanks for the precision.
The older projects should be easily detectable by the presence of the TLS12 enum value. Basically it's recommended to not enable anything below TLS11.
Microsoft has actually released a nice doc with good and bad practices: https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls
For reference this issue was moved to security-code-scan/security-code-scan#10
https://stackoverflow.com/a/28333370/736079
And for .NET 4.5.2 tell people to turn on TLS1.2, as it's turned off by default.
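A text-level sketch of the check discussed in this thread: flag explicit enablement of protocols below TLS 1.1 and report whether Tls12 is turned on. It is an example added here, not code from the project or its analyzer. It assumes the setting in question is `ServicePointManager.SecurityProtocol`; the function names and the C# sample lines are constructed.

```python
import re

# SecurityProtocolType flag values from System.Net. The thread's advice is to
# not enable anything below TLS 1.1, so Ssl3 and Tls (1.0) count as weak.
FLAGS = {"Ssl3": 48, "Tls": 192, "Tls11": 768, "Tls12": 3072}

# Assignment (= or |=) to the setting, up to the terminating semicolon.
# "&=" is deliberately not matched: "&= ~SecurityProtocolType.Ssl3" removes
# a protocol. "==" comparisons are excluded by the lookahead.
ASSIGN = re.compile(
    r"ServicePointManager\s*\.\s*SecurityProtocol\s*(\|?=)(?!=)([^;]*);")
# A named member or a numeric cast, with an optional leading "~" (negation).
TERM = re.compile(
    r"(~\s*)?(?:SecurityProtocolType\s*\.\s*(\w+)"
    r"|\(\s*SecurityProtocolType\s*\)\s*(0[xX][0-9a-fA-F]+|\d+))")

def enabled_bits(rhs):
    """OR together every protocol flag the expression turns on."""
    bits = 0
    for neg, name, num in TERM.findall(rhs):
        if neg:  # "~X" masks a protocol out, it does not enable it
            continue
        if name:
            bits |= FLAGS.get(name, 0)
        else:
            bits |= int(num, 16) if num.lower().startswith("0x") else int(num)
    return bits

def scan(source):
    """Return (line, weak protocol names, enables_tls12) per assignment."""
    code = re.sub(r"//[^\n]*", "", source)  # drop line comments, keep newlines
    findings = []
    for m in ASSIGN.finditer(code):
        bits = enabled_bits(m.group(2))
        weak = [n for n in ("Ssl3", "Tls") if bits & FLAGS[n]]
        line = code.count("\n", 0, m.start()) + 1
        findings.append((line, weak, bool(bits & FLAGS["Tls12"])))
    return findings

# Constructed C# sample lines, not taken from any real project.
SAMPLE = """\
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls12;
ServicePointManager.SecurityProtocol &= ~SecurityProtocolType.Ssl3;
// ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
ServicePointManager.SecurityProtocol |= (SecurityProtocolType)192;
ServicePointManager.SecurityProtocol =
    SecurityProtocolType.Tls11 | (SecurityProtocolType)3072;
"""

if __name__ == "__main__":
    for line, weak, tls12 in scan(SAMPLE):
        print(line, "weak:", weak or "none", "Tls12 enabled:", tls12)
```

This is a regex heuristic over source text, so it does not resolve constants, variables or parenthesised negations the way a syntax-tree based rule would.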