search

jopenlibs / vault-java-driver

Zero-dependency Java client for HashiCorp's Vault
https://jopenlibs.github.io/vault-java-driver
26 stars 18 forks source link

[BUG] TLS Version is set as minimum supported to JVM #45

Closed Harishdr27 closed 11 months ago

Harishdr27 commented 1 year ago

Describe the bug security scan complains about implementation of TLS.
SSLContext.getInstance("TLS")

rest/Rest.java 79 SslConfig.java 581 SslConfig.java 646

This can be change changed to a newer version of TLS as an example to resolve the vulnerability

from SSLContext.getInstance("TLS")
to SSLContext.getInstance("TLSv1.2").

To Reproduce

henryx commented 11 months ago

Thank you for reporting, I've set minimum TLS version as 1.2