Support TLS1.3

Support for TLS1.3 added
dev-sec · Mar 13, 2020 · 08925b9 · 08925b9
1 parent b346785
commit 08925b9
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/controls/ssl_test.rb b/controls/ssl_test.rb
@@ -84,7 +84,7 @@
 
 #######################################################
 # Protocol Tests                                      #
-# Valid protocols are: tls1.2                         #
+# Valid protocols are: tls1.2, tls1.3                 #
 # Invalid protocols are : ssl2, ssl3, tls1.0, tls1.1  #
 #######################################################
 control 'ssl2' do
@@ -162,6 +162,21 @@
   end
 end
 
+control 'tls1.3' do
+  title 'Enable TLS 1.3 on exposed ports.'
+  impact 0.5
+  only_if { sslports.length > 0 }
+
+  sslports.each do |sslport|
+    # create a description
+    proc_desc = "on node == #{target_hostname} running #{sslport[:socket].process.inspect} (#{sslport[:socket].pid})"
+    describe ssl(sslport).protocols('tls1.3') do
+      it(proc_desc) { should be_enabled }
+      it { should be_enabled }
+    end
+  end
+end
+
 #######################################################
 # Key Exchange (Kx) Tests                             #
 # Valid Kx(s) are: ECDHE                              #