SLB Policy With Insecure TLS Version In Use

Query id: dbfc834a-56e5-4750-b5da-73fda8e73f70
Query name: SLB Policy With Insecure TLS Version In Use
Platform: Terraform
Severity: Medium
Category: Encryption
URL: Github

Description¶

SLB Policy should not support insecure versions of TLS protocol
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - tf file

resource "alicloud_slb_tls_cipher_policy" "positive" {
  tls_cipher_policy_name = "Test-example_value"
  tls_versions           = ["TLSv1.1","TLSv1.2"]
  ciphers                = ["AES256-SHA","AES256-SHA256", "AES128-GCM-SHA256"]
}

Code samples without security vulnerabilities¶

Negative test num. 1 - tf file

resource "alicloud_slb_tls_cipher_policy" "negative" {
  tls_cipher_policy_name = "Test-example_value"
  tls_versions           = ["TLSv1.2","TLSv1.3"]
  ciphers                = ["AES256-SHA256", "AES128-GCM-SHA256","TLS_AES_256_GCM_SHA384"]
}