ssl-v3-is-insecure
insecure-module-used
net/http/cgi
is on the import blocklist. The package is vulnerable to httpoxy attacks (CVE-2015-5386). It is recommended to use net/http
or a web framework to build a web application instead.math-random-used
math/rand
. Use crypto/rand
instead.avoid-ssh-insecure-ignore-host-key
tls-with-insecure-cipher
use-of-weak-rsa-key
missing-ssl-minversion
MinVersion
is missing from this TLS configuration. By default, TLS 1.2 is currently used as the minimum when acting as a client, and TLS 1.0 when acting as a server. General purpose web applications should default to TLS 1.3 with all other protocols disabled. Only where it is known that a web server must support legacy clients with unsupported an insecure browsers (such as Internet Explorer 10), it may be necessary to enable TLS 1.0 to provide support. Add `MinVersion: tls.VersionTLS13’ to the TLS configuration to bump the minimum version to TLS 1.3.use-of-md5
use-of-sha1
use-of-DES
use-of-rc4