[jira] [Created] (JCLOUDS-1570) Usage of TLS is insecure

Md Mahir Asef Kabir (Jira) Fri, 26 Mar 2021 13:22:27 -0700

Md Mahir Asef Kabir created JCLOUDS-1570:
--------------------------------------------


             Summary: Usage of TLS is insecure
                 Key: JCLOUDS-1570
                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1570
             Project: jclouds
          Issue Type: Improvement
            Reporter: Md Mahir Asef Kabir


Description: In 
“apis/docker/src/main/java/org/jclouds/docker/suppliers/SSLContextBuilder.java” 
file the following code was written in line 107

SSLContext sslContext = SSLContext.getInstance("TLS");

The vulnerability is, using "TLS” as the argument to SSLContext.getInstance 
method.


Security Impact: TLS 1.0 is vulnerable to man-in-the-middle attacks.

 

Useful Resources: 
https://www.comodo.com/e-commerce/ssl-certificates/tls-1-deprecation.php


Solution we suggest: Using SSLContext.getInstance("TLSv1.3").


Please share with us your opinions/comments if there is any:

Is the bug report helpful?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (JCLOUDS-1570) Usage of TLS is insecure

Reply via email to