Google Compute SSL Policy Weak Cipher In Use

  • Query id: 965e8830-2bec-4b9b-a7f0-24dbc200a68f
  • Query name: Google Compute SSL Policy Weak Cipher In Use
  • Platform: Pulumi
  • Severity: Medium
  • Category: Encryption
  • CWE: 326
  • URL: Github

Description

This query checks whether a Google Compute SSL Policy has weak cipher suites enabled. To do so, it checks whether the policy's minimum TLS version (minTlsVersion) is TLS_1_2, because other versions have weak ciphers.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
name: aws-eks
runtime: yaml
description: An EKS cluster
resources:
  example:
    type: gcp:compute:SSLPolicy
    properties:
---
name: aws-eks
runtime: yaml
description: An EKS cluster
resources:
  example:
    type: gcp:compute:SSLPolicy
    properties:
      minTlsVersion: TLS_1_1

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
name: aws-eks
runtime: yaml
description: An EKS cluster
resources:
  example:
    type: gcp:compute:SSLPolicy
    properties:
      minTlsVersion: TLS_1_2
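
The rule the samples above exercise, written out as an added Python example (not the query's own code and not part of the KICS project). It assumes the Pulumi YAML has already been parsed into plain dicts, one per `---`-separated document; the function and variable names are hypothetical.

```python
SSL_POLICY_TYPE = "gcp:compute:SSLPolicy"
REQUIRED_MIN_TLS = "TLS_1_2"  # the only value the rule on this page accepts


def find_weak_ssl_policies(documents):
    """Return (doc_index, resource_name, reason) for each SSLPolicy failing the rule.

    `documents` is a list of parsed Pulumi YAML programs (plain dicts),
    one entry per '---'-separated document in the file.
    """
    findings = []
    for index, doc in enumerate(documents):
        # Empty documents and an empty `resources:` key both parse to None.
        resources = (doc or {}).get("resources") or {}
        for name, resource in resources.items():
            if not isinstance(resource, dict):
                continue
            if resource.get("type") != SSL_POLICY_TYPE:
                continue
            # An empty `properties:` key (first positive sample) parses to None.
            properties = resource.get("properties") or {}
            min_tls = properties.get("minTlsVersion")
            if min_tls is None:
                findings.append((index, name, "minTlsVersion is not set"))
            elif min_tls != REQUIRED_MIN_TLS:
                findings.append((index, name, f"minTlsVersion is {min_tls}"))
    return findings


def _program(properties):
    """Build one parsed document shaped like the samples on this page."""
    return {
        "name": "aws-eks",
        "runtime": "yaml",
        "description": "An EKS cluster",
        "resources": {
            "example": {"type": SSL_POLICY_TYPE, "properties": properties},
        },
    }


# Constructed input: the page's samples in the form a YAML loader returns them.
POSITIVE = [_program(None), _program({"minTlsVersion": "TLS_1_1"})]
NEGATIVE = [_program({"minTlsVersion": "TLS_1_2"})]

if __name__ == "__main__":
    for finding in find_weak_ssl_policies(POSITIVE + NEGATIVE):
        print(finding)
```

Both documents of the positive sample are reported, including the one where minTlsVersion is absent; the negative sample produces no finding.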