bandit/doc/old/ssl_tls.md

Avoid known weak or compromised SSL/TLS versions

Several well publicized vulnerabilities[0][1] have emerged in versions of SSL/TLS. It is strongly recommended that software utilizing SSL/TLS for secure transmissions should avoid the use of these known bad protocol versions. Developers and deployers wishing to know more should refer to [2].

• Avoid the use of all versions of SSL (versions 2, 3 and before)
• Avoid the use of TLS versions 1.0, 1.1

Correct

Good versions of TLS are defined in Python's built in ssl module as:

• 'PROTOCOL_SSLv23' only in conjunction with 'OP_NO_SSLv2' and 'OP_NO_SSLv3'
• 'PROTOCOL_TLSv1_2'

It is worth noting that TLS 1.2 is only available in more recent Python versions, specifically 2.7.9, 2.7.10, and 3.x

Good versions of TLS are defined in the pyOpenSSL package as:

• 'SSLv23_METHOD' only in conjunction with 'OP_NO_SSLv2' and 'OP_NO_SSLv3'
• 'TLSv1_2_METHOD'

Incorrect

Bad versions of SSL/TLS are defined in Python's built in ssl module as:

• 'PROTOCOL_SSLv2'
• 'PROTOCOL_SSLv3'
• 'PROTOCOL_TLSv1'
• 'PROTOCOL_TLSv1_1'

Bad versions of SSL/TLS are defined in the pyOpenSSL package as:

• 'SSLv2_METHOD'
• 'SSLv3_METHOD'
• 'TLSv1_METHOD'
• 'TLSv1_1_METHOD'

Consequences

The following consequences may arise from the use of bad SSL/TLS protocol versions:

• Unintended data leakage or theft
• System identity theft/impersonation (certificate theft)
• Burden caused by mass revocation of compromised certificates

References

• [0] http://heartbleed.com/
• [1] http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploiting-ssl-30.html
• [2] https://security.openstack.org/guidelines/dg_strong-crypto.html