| Details | |
|---|---|
| Alert ID | 10205-1 |
| Alert Type | Active |
| Status | alpha |
| Risk | Informational |
| CWE | 311 |
| WASC | 4 |
| Technologies Targeted | All |
| Tags | CWE-311 |
| More Info | Scan Rule Help |
Summary
Performs HTTPS configuration analysis including certificate details and supported cipher suites.
Solution
Review the HTTPS configuration details and ensure certificates are valid and cipher suites are appropriately configured.
Other Info
Server: example.com
Server Certificate(s):
Subject DN: CN=example.com
Signing Algorithm: SHA256withRSA
Certificate Fingerprint: AA:BB:CC:...
Issuer DN: CN=example.com
Not Valid Before:
Not Valid After:
Certificate Serial Number: 0
Certificate Version: 3
Self Signed Certificate: false
Cipher Suites Supported:
TLS_AES_256_GCM_SHA384(STRONG,TLSv1.3)
TLS_CHACHA20_POLY1305_SHA256(STRONG,TLSv1.3)
References
Code
org/zaproxy/zap/extension/httpsinfo/HttpsConfigScanRule.java