boost::asio use of deprecated hardcoded protocol
ID: cpp/boost/use-of-deprecated-hardcoded-security-protocol
Kind: problem
Security severity: 7.5
Severity: error
Precision: medium
Tags:
- security
- external/cwe/cwe-327
Query suites:
- cpp-security-extended.qls
- cpp-security-and-quality.qls
The code uses the boost::asio library but specifies a deprecated hardcoded protocol.
Recommendation
Only use modern protocols such as TLS 1.2 or TLS 1.3.
Example
In the following example, the sslv2 protocol is specified. This protocol is out of date and its use is not recommended.
    #include <boost/asio/ssl.hpp>

    void useProtocol_bad()
    {
        boost::asio::ssl::context ctx_sslv2(boost::asio::ssl::context::sslv2); // BAD: outdated protocol
        // ...
    }
In the corrected example, the tlsv13 protocol is used instead.
    #include <boost/asio/ssl.hpp>

    void useProtocol_good()
    {
        boost::asio::ssl::context cxt_tlsv13(boost::asio::ssl::context::tlsv13); // GOOD: TLS 1.3
        // ...
    }
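A rough text-level check for the same pattern, given here as an added example and not the CodeQL query or code from this page: it scans C++ source for boost::asio ssl::context methods that pin an old protocol version. Treating SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 as the deprecated set, the Finding struct, the function names and the sample input are assumptions of this example.

```cpp
#include <iostream>
#include <regex>
#include <string>
#include <vector>

struct Finding {
    std::size_t line;    // 1-based line number in the scanned text
    std::string method;  // matched enumerator, e.g. "sslv2"
};

// Assumption: SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 count as deprecated,
// including the _client and _server forms of each enumerator.
bool is_deprecated_method(const std::string& name) {
    static const std::regex deprecated("(sslv2|sslv3|tlsv1|tlsv11)(_client|_server)?");
    return std::regex_match(name, deprecated);
}

// Reports every ssl::context::<method> (or context_base / context::method::)
// use in `source` whose method pins a deprecated protocol version.
std::vector<Finding> find_deprecated_protocols(const std::string& source) {
    static const std::regex use(
        R"(ssl\s*::\s*context(?:_base)?\s*::\s*(?:method\s*::\s*)?([a-z0-9_]+))");
    std::vector<Finding> findings;
    std::size_t line_no = 1, start = 0;
    while (start <= source.size()) {
        std::size_t end = source.find('\n', start);
        if (end == std::string::npos) end = source.size();
        // Cut at "//" so commented-out code is not reported.
        std::string line = source.substr(start, end - start);
        line = line.substr(0, line.find("//"));
        for (std::sregex_iterator it(line.begin(), line.end(), use), last; it != last; ++it)
            if (is_deprecated_method((*it)[1].str()))
                findings.push_back({line_no, (*it)[1].str()});
        start = end + 1;
        ++line_no;
    }
    return findings;
}

// Constructed sample input, not taken from a real code base.
const std::string kSample =
    "boost::asio::ssl::context a(boost::asio::ssl::context::sslv2);\n"
    "boost::asio::ssl::context b(boost::asio::ssl::context::tlsv13);\n"
    "ssl::context c(ssl::context::method::tlsv11_client);\n"
    "// ssl::context d(ssl::context::sslv3);\n";
int main() {
    for (const Finding& f : find_deprecated_protocols(kSample))
        std::cout << "line " << f.line << ": deprecated protocol " << f.method << "\n";
}
```

Because it matches text rather than resolved symbols, this check misses enumerators reached through aliases or using-declarations, and it cuts a line at any "//", including one inside a string literal.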
References
Common Weakness Enumeration: CWE-327.