Reject SSLv2 and SSLv3 protocols | Critiq Docs

#Metadata

Rule ID: go.security.insecure-ssl-protocol
Severity: high
Confidence: 0.9
Languages: go
Presets: security, strict
Stability: experimental
Applies to: block
Tags: cryptography, go, rules-catalog, security, tls

#Why it matters

SSLv2 and SSLv3 contain unrecoverable cryptographic weaknesses (POODLE, DROWN) and must not be negotiated.

#Remediation

Use `tls.VersionTLS12` or `tls.VersionTLS13` instead of SSL legacy constants or string literals.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/go/go.security.insecure-ssl-protocol.rule.yaml.

Back to directory Open rule in repository