AndroidTacticalAssaultKit-CIV icon indicating copy to clipboard operation
AndroidTacticalAssaultKit-CIV copied to clipboard

Published 20 hours ago verified publisher icon deptofdefense

Upgrade SSL connections to TLSv1.2

Open matt-msi opened this issue 3 years ago • 1 comments

We ran a Sonarqube scan on the project and it flagged usages of SSLContext.getInstance("SSL") as a critical level security vulnerability:

https://rules.sonarsource.com/java/tag/owasp/RSPEC-4423

Please consider upgrading to at least TLS v1.2 to mitigate this vulnerability.

matt-msi avatar Oct 29 '21 14:10 matt-msi

The submitted patch is currently in code review and has been targeted for 4.5.1 and forward.

bisgroves avatar Dec 08 '21 13:12 bisgroves