Skip to content
Critiq Docs

Search docs

Search documentation pages and rules

security.cryptography

Avoid weak TLS cipher suites

Rust TLS configuration must not include cipher suites using RC4, 3DES, NULL, or EXPORT algorithms.

#Metadata

Rule ID
rust.security.weak-tls-cipher
Severity
high
Confidence
0.85
Languages
rust
Presets
security, strict
Stability
experimental
Applies to
block
Tags
cryptography, rules-catalog, rust, security, tls

#Why it matters

Weak cipher suites are vulnerable to practical attacks and should not be negotiated.

#Remediation

Use modern AEAD cipher suites such as TLS_AES_128_GCM_SHA256 or TLS_CHACHA20_POLY1305_SHA256.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/rust/rust.security.weak-tls-cipher.rule.yaml.

Back to directoryOpen rule in repository