The ‘ssl’ module disables insecure cipher suites by default. Therefore, use of ‘set_ciphers()’ should only be used when you have very specialized requirements. Otherwise, you risk lowering the security of the SSL channel. Likelihood: LOW Confidence: LOW CWE: - CWE-326: Inadequate Encryption Strength
OWASP: - A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures