Loading controls...

Control: SSL/TLS servers should avoid using RC4 cipher suites

Description

RC4 is a stream cipher, and it is more malleable than common block ciphers. If not used together with a strong message authentication code (MAC), then encryption is vulnerable to cyber attacks. RC4 is demonstrably broken, weak and unsafe to use in TLS as currently implemented.

Usage

Run the control in your terminal:

steampipe check net_insights.control.ssl_avoid_using_rc4_cipher_suite

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share net_insights.control.ssl_avoid_using_rc4_cipher_suite

Plugins & Tables

net_tls_connection

Params

Args	Name	Default	Description	Variable
$1	domain_names	`["github.com","microsoft.com"]`	DNS domain names.	domain_names

SQL

with domain_list as (
  select
    domain,
    concat(domain, ':443') as address
  from
    jsonb_array_elements_text(to_jsonb($1 :: text [ ])) as domain
),
check_rc4_cipher as (
  select
    address,
    count(*)
  from
    net_tls_connection
  where
    address in (
      select
        address
      from
        domain_list
    )
    and cipher_suite_name in (
      'TLS_RSA_WITH_RC4_128_SHA',
      'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA',
      'TLS_ECDHE_RSA_WITH_RC4_128_SHA'
    )
    and handshake_completed
  group by
    address
)
select
  d.domain as resource,
  case
    when i.address is null
    or i.count < 1 then 'ok'
    else 'alarm'
  end as status,
  case
    when i.address is null
    or i.count < 1 then d.domain || ' does not use RC4 cipher suites.'
    else d.domain || ' uses RC4 cipher suites.'
  end as reason
from
  domain_list as d
  left join check_rc4_cipher as i on d.address = i.address;

turbot/net_insights

Control: SSL/TLS servers should avoid using RC4 cipher suites

Description

Usage

Plugins & Tables

Params

SQL

Steampipe

Resources

Community