DNSSEC Using RSASHA1
- Query id: 6cf4c3a7-ceb0-4475-8892-3745b84be24a
- Query name: DNSSEC Using RSASHA1
- Platform: Ansible
- Severity: Medium
- Category: Encryption
- CWE: 326
- URL: Github
Description
DNSSEC should not use the RSASHA1 algorithm
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
---
- name: create a managed zone
  google.cloud.gcp_dns_managed_zone:
    name: test_object
    dns_name: test.somewild2.example.com.
    description: test zone
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
    dnssec_config:
      defaultKeySpecs:
        algorithm: RSASHA1
      state: off
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
- name: create a managed zone
  google.cloud.gcp_dns_managed_zone:
    name: test_object
    dns_name: test.somewild2.example.com.
    description: test zone
    project: test_project
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present
    dnssec_config:
      defaultKeySpecs:
        algorithm: RSASHA256
      state: off