i2p.i2p
Inadequate Encryption Strength CVE multiple
if (_log.shouldLog(Log.INFO)) _log.info("Loaded total of " + totalAdds + " new trusted certificates");
try {
SSLContext sslc = SSLContext.getInstance("TLS");
line:430
Implement secure HTTPS communication. Consider using latest TLSv1.2 instead of javax.net.ssl.SSLContext.getInstance. [core/java/src/net/i2p/util/SSLEepGet.java]
return false;
}
InputStream fis = null;
try {
SSLContext sslc = SSLContext.getInstance("TLS");
line:141
Implement secure HTTPS communication. Consider using latest TLSv1.2 instead of javax.net.ssl.SSLContext.getInstance. [router/java/src/net/i2p/router/client/SSLClientListenerRunner.java]
// don't continue, since we didn't load the system keystore, we have nothing.
throw new GeneralSecurityException(msg);
}
529: SSLContext sslc = SSLContext.getInstance("TLS");
Implement secure HTTPS communication. Consider using latest TLSv1.2 instead of javax.net.ssl.SSLContext.getInstance. [core/java/src/net/i2p/util/I2PSSLSocketFactory.java]
}
InputStream fis = null;
try {
#198 SSLContext sslc = SSLContext.getInstance("TLS");
Implement secure HTTPS communication. Consider using latest TLSv1.2 instead of javax.net.ssl.SSLContext.getInstance. [apps/i2ptunnel/java/src/net/i2p/i2ptunnel/SSLClientUtil.java]
}
InputStream fis = null;
try {
SSLContext sslc = SSLContext.getInstance("TLS");
163:
[apps/sam/java/src/net/i2p/sam/client/SSLUtil.java]
}
InputStream fis = null;
try {
SSLContext sslc = SSLContext.getInstance("TLS");
162: [apps/sam/java/src/net/i2p/sam/SSLUtil.java]
learn how to fix https://learn.snyk.io/lesson/insecure-hash/?authenticate=automatic
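The scanner's suggestion taken one step further, as an added example that is not part of the issue or of the i2p.i2p code: the string passed to SSLContext.getInstance selects a context implementation, while the versions actually offered are controlled by the enabled-protocols list. TlsFloorDemo and allowedProtocols are hypothetical names, and the default key and trust managers stand in for the project's own keystore handling.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

/** Added example (hypothetical class name), not code from i2p.i2p. */
public class TlsFloorDemo {
    // Versions we are willing to negotiate; anything older is dropped.
    private static final List<String> ALLOWED = Arrays.asList("TLSv1.3", "TLSv1.2");

    /** Returns the allowed versions that this JVM's provider actually supports. */
    static String[] allowedProtocols(SSLContext ctx) {
        List<String> supported = Arrays.asList(ctx.getSupportedSSLParameters().getProtocols());
        List<String> keep = new ArrayList<>();
        for (String p : ALLOWED) {
            if (supported.contains(p)) keep.add(p);
        }
        if (keep.isEmpty())
            throw new IllegalStateException("No TLSv1.2+ support in this JVM");
        return keep.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Same call the scanner flagged: "TLS" names the protocol family,
        // it does not pin a version.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key/trust managers, for the demo only

        SSLEngine engine = ctx.createSSLEngine();
        System.out.println("Default enabled: " + Arrays.toString(engine.getEnabledProtocols()));

        // Pin the version floor on the engine (SSLSocket and SSLServerSocket
        // expose the equivalent setEnabledProtocols method).
        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(allowedProtocols(ctx));
        engine.setSSLParameters(params);
        System.out.println("After pinning:   " + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

The printed default list depends on the JVM and its jdk.tls.disabledAlgorithms setting, which is why the floor is set explicitly rather than inferred from the context name.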
This is likely not something we can fix in a way which will satisfy the scanner you're using, because of the TLS ladder being pulled up behind .onion services. We have to allow self-signed certificates and we have to silently accept self-signed SSL certificates when they come from I2P hostnames in eepget/ssleepget. However, if using a more modern library can satisfy our requirement then maybe it's worth it. Leaving it open for further consideration.
why not make a bunch of real certificate hosts, basically people, everyone verifies each other's certs