Control: SSL/TLS servers should avoid using insecure protocols
Description
There are six protocols in the SSL/TLS family: SSL v2, SSL v3, TLS v1.0, TLS v1.1, TLS v1.2, and TLS v1.3. It is recommended to use secure protocols (i.e. TLS v1.2 or TLS v1.3), since these versions offer modern authenticated encryption and improved latency, and don't have obsolete features like outdated cipher suites. TLS v1.0 and TLS v1.1 are legacy protocols and shouldn't be used.
Usage
Run the control in your terminal:
steampipe check net_insights.control.ssl_use_secure_protocol
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share net_insights.control.ssl_use_secure_protocol
Plugins & Tables
Params
Args | Name | Default | Description | Variable |
---|---|---|---|---|
$1 | domain_names | | DNS domain names. | |
SQL
with domain_list as (
  -- Expand the domain_names parameter into one row per domain, adding the HTTPS port.
  select
    domain,
    concat(domain, ':443') as address
  from
    jsonb_array_elements_text(to_jsonb($1::text[])) as domain
),
check_insecure_protocol as (
  -- Count completed handshakes per address that used a legacy protocol version.
  select
    address,
    count(*)
  from
    net_tls_connection
  where
    address in (select address from domain_list)
    and version in ('TLS v1.0', 'TLS v1.1')
    and handshake_completed
  group by
    address
)
select
  d.domain as resource,
  case
    when i.address is null or i.count < 1 then 'ok'
    else 'alarm'
  end as status,
  case
    when i.address is null or i.count < 1 then d.domain || ' doesn''t support insecure protocols.'
    else d.domain || ' supports insecure protocols.'
  end as reason
from
  domain_list as d
  left join check_insecure_protocol as i on d.address = i.address;
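The control depends on knowing which protocol version each handshake actually negotiated. As an added example (not part of the Steampipe mod or the net plugin), the Python below reads that version from the first record of a server's reply, including the TLS v1.3 case where the legacy version field still reads TLS v1.2 and the real version sits in the supported_versions extension. The function names and the sample records are constructed for illustration, and `control_status` follows the description's recommendation by treating anything other than TLS v1.2 or TLS v1.3 as an alarm.

```python
import struct

# Wire codes for the record-based versions named above (SSL v2 uses a different hello format).
VERSIONS = {0x0300: "SSL v3", 0x0301: "TLS v1.0", 0x0302: "TLS v1.1",
            0x0303: "TLS v1.2", 0x0304: "TLS v1.3"}
SECURE = {"TLS v1.2", "TLS v1.3"}

def negotiated_version(record):
    """Return the version a server selected, given the first TLS record of its reply."""
    if len(record) < 5:
        raise ValueError("truncated record")
    ctype, _, rec_len = struct.unpack_from("!BHH", record)
    msg = record[5:5 + rec_len]
    if ctype == 21:                          # alert: the offered version was refused
        return "rejected"
    if ctype != 22 or len(msg) < 39 or msg[0] != 2:
        raise ValueError("not a complete ServerHello")
    version, = struct.unpack_from("!H", msg, 4)   # legacy_version follows the 4-byte header
    pos = 4 + 2 + 32                         # skip header, legacy_version, random
    pos += 1 + msg[pos]                      # session_id (length-prefixed)
    pos += 3                                 # cipher_suite (2) + compression_method (1)
    if pos + 2 <= len(msg):                  # extensions block is optional before TLS v1.3
        end = min(len(msg), pos + 2 + struct.unpack_from("!H", msg, pos)[0])
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", msg, pos)
            if etype == 43 and elen == 2 and pos + 6 <= end:   # supported_versions
                version, = struct.unpack_from("!H", msg, pos + 4)
            pos += 4 + elen
    return VERSIONS.get(version, hex(version))

def control_status(records):
    """'alarm' if any reply negotiated a version outside TLS v1.2/v1.3, else 'ok'."""
    seen = {negotiated_version(r) for r in records} - {"rejected"}
    return "alarm" if seen - SECURE else "ok"

def sample_hello(legacy, selected=None):
    """Constructed ServerHello record (zeroed random, empty session id) for the demo."""
    ext = struct.pack("!HHHH", 6, 43, 2, selected) if selected else b""
    suite = 0x1301 if selected else 0x002F   # placeholder suite; the parser skips it
    body = struct.pack("!H", legacy) + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0) + ext
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, min(legacy, 0x0303), len(hs)) + hs

ALERT = struct.pack("!BHHBB", 21, 0x0303, 2, 2, 70)   # constructed fatal protocol_version alert

if __name__ == "__main__":
    for rec in (sample_hello(0x0301), sample_hello(0x0303, 0x0304), ALERT):
        print(negotiated_version(rec))
```

A checker that reads only the legacy version field would report every TLS v1.3 server as TLS v1.2, which is why the extension lookup matters.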