Remove weak TLS cipher suites | Critiq Docs

#Metadata

Rule ID: go.security.weak-tls-cipher
Severity: high
Confidence: 0.88
Languages: go
Presets: security, strict
Stability: experimental
Applies to: block
Tags: cryptography, go, rules-catalog, security, tls

#Why it matters

These ciphers are deprecated and break confidentiality (RC4 biases, Sweet32 against 3DES, NULL/export-grade weaknesses).

#Remediation

Drop RC4/DES/3DES/NULL/export ciphers. Prefer the TLS 1.3 defaults or modern AEAD suites such as `TLS_AES_128_GCM_SHA256`.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/go/go.security.weak-tls-cipher.rule.yaml.

Back to directory Open rule in repository