Google Compute SSL Policy Weak Cipher In Use
- Query id: b28bcd2f-c309-490e-ab7c-35fc4023eb26
- Query name: Google Compute SSL Policy Weak Cipher In Use
- Platform: Ansible
- Severity: Medium
- Category: Encryption
- URL: Github
Description
This query checks whether a Google Compute SSL policy allows weak cipher suites. To do so, it checks that `min_tls_version` is TLS_1_2, because other versions have weak ciphers.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
- name: create a SSL policy
  google.cloud.gcp_compute_ssl_policy:
    name: test_object
    profile: CUSTOM
    custom_features:
      - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
      - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
- name: create a SSL policy2
  google.cloud.gcp_compute_ssl_policy:
    name: test_object2
    profile: CUSTOM
    min_tls_version: TLS_1_1
    custom_features:
      - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
      - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
- name: create a SSL policy
  google.cloud.gcp_compute_ssl_policy:
    name: test_object
    profile: CUSTOM
    min_tls_version: TLS_1_2
    custom_features:
      - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
      - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    project: test_project
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present
```
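The check the samples above illustrate, written as an added Python example (not the query's own implementation): it flags any SSL policy task whose `min_tls_version` is absent or is not `TLS_1_2`, including tasks nested under `block`, `rescue` or `always`. It assumes the playbook has already been parsed into Python lists and dicts; the function name and the sample task list are constructed for illustration.

```python
# Added example: flag gcp_compute_ssl_policy tasks whose min_tls_version is not TLS_1_2.
# Assumption: tasks are already parsed from YAML into Python lists/dicts.
MODULES = ("google.cloud.gcp_compute_ssl_policy", "gcp_compute_ssl_policy")
NESTED = ("block", "rescue", "always")  # Ansible keys that hold nested task lists


def find_weak_ssl_policies(tasks):
    """Return (task name, reason) for every SSL policy task that fails the check."""
    findings = []
    for task in tasks or []:
        if not isinstance(task, dict):
            continue
        # Descend into nested task lists so wrapped tasks are not missed.
        for key in NESTED:
            findings += find_weak_ssl_policies(task.get(key))
        for module in MODULES:
            args = task.get(module)
            if not isinstance(args, dict):
                continue
            name = task.get("name", "<unnamed>")
            version = args.get("min_tls_version")
            if version is None:
                # Matches the first positive sample: the key is missing entirely.
                findings.append((name, "min_tls_version is undefined"))
            elif version != "TLS_1_2":
                findings.append((name, f"min_tls_version is {version}"))
    return findings


# Constructed sample input modelled on the page's tasks; one is wrapped in a block.
SAMPLE_TASKS = [
    {"name": "create a SSL policy",
     "google.cloud.gcp_compute_ssl_policy": {"name": "test_object", "profile": "CUSTOM"}},
    {"name": "wrapper", "block": [
        {"name": "create a SSL policy2",
         "google.cloud.gcp_compute_ssl_policy": {
             "name": "test_object2", "profile": "CUSTOM", "min_tls_version": "TLS_1_1"}}]},
    {"name": "create a SSL policy3",
     "google.cloud.gcp_compute_ssl_policy": {
         "name": "test_object3", "profile": "CUSTOM", "min_tls_version": "TLS_1_2"}},
    {"name": "unrelated task", "ansible.builtin.debug": {"msg": "not an SSL policy"}},
]

if __name__ == "__main__":
    for name, reason in find_weak_ssl_policies(SAMPLE_TASKS):
        print(f"{name}: {reason}")
```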