Skip to content

Hystrix Metrics Stream - Weak SSL/TLS protocols should not be used (2.x) #565

Closed
Closed
Hystrix Metrics Stream - Weak SSL/TLS protocols should not be used (2.x)#565
Assignees
TimHess
Labels
Component/CircuitBreakerIssues related to Steeltoe.CircuitBreakerReleaseLine/2.xIdentified as a feature/fix for the 2.x release line
Milestone
2.5.3
@TimHess

Description

@TimHess
TimHess
opened on Jan 13, 2021

Insecure versions of SSL/TLS shouldn't be used anymore. Update the metrics stream configurations to use TLS 1.2+

Per Sonar: This rule raises an issue when an SSL/TLS is configured at application level with an insecure version (ie: a protocol different from "TLSv1.2" or "TLSv1.3").

Addressed in #564

Note: since these packages in Steeltoe 2.x target .NET Standard 2.0, TLS 1.3 is not available so the only option is TLS 1.2

Metadata

Metadata

Assignees

Labels

Component/CircuitBreakerIssues related to Steeltoe.CircuitBreakerReleaseLine/2.xIdentified as a feature/fix for the 2.x release line

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions