Insecure-transport
Ssl
no-set-ciphers
no-set-ciphers
The ‘ssl’ module disables insecure cipher suites by default. Therefore, use of ‘set_ciphers()’ should only be used when you have very specialized requirements. Otherwise, you risk lowering the security of the SSL channel.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-326: Inadequate Encryption Strength
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures