Closed vivekananda8909 closed 11 months ago
Not sure, but this looks like a false positive to me, because line 47 is only applying the cached socket factory. It doesn't change any security-related stuff.
The socket factory is created in line 55. That's also where the blacklist is applied. You can check the 'TLSSocketFactory.java' class. The given blacklisted names will be filtered from enabled protocols.
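The filtering described in the comment above, sketched as an added example that is not part of this thread and is not the plugin's own code: blacklisted protocol names are removed from a socket's enabled protocols before it is used. The class name `ProtocolFilterDemo`, the helper `filterProtocols` and the blacklist values are assumptions made for the illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical helper, not the plugin's TLSSocketFactory: it shows the filtering idea only.
public class ProtocolFilterDemo {

    // Return the enabled protocols minus any blacklisted name (JSSE names are case-sensitive).
    static String[] filterProtocols(String[] enabled, List<String> blacklist) {
        List<String> kept = new ArrayList<>();
        for (String protocol : enabled) {
            if (!blacklist.contains(protocol)) {
                kept.add(protocol);
            }
        }
        // Fail closed: an empty list would otherwise surface later as an unclear handshake error.
        if (kept.isEmpty()) {
            throw new IllegalStateException("blacklist removed every enabled protocol");
        }
        return kept.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed blacklist for the demo.
        List<String> blacklist = Arrays.asList("SSLv3", "TLSv1", "TLSv1.1");

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, null, null); // default key managers, trust managers and RNG
        SSLSocketFactory factory = context.getSocketFactory();

        // Unconnected socket: protocols can be inspected and set without any network traffic.
        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
            System.out.println("before: " + Arrays.toString(socket.getEnabledProtocols()));
            socket.setEnabledProtocols(filterProtocols(socket.getEnabledProtocols(), blacklist));
            System.out.println("after:  " + Arrays.toString(socket.getEnabledProtocols()));
        }
    }
}
```

Comparing the "before" and "after" lines on the target runtime shows which protocol versions remain negotiable once the filter has run.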
@silkimen
Thanks for the quick response. Is there anything you can also help us with or confirm about these low-priority flaws? These are in HttpRequest.java.
Thanks in advance
Please use StackOverflow for this kind of question.
@silkimen
We are using Veracode to find security vulnerabilities in our app. We got one issue "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')".
I followed the steps which you suggested in #423.
Can you suggest any other alternative to fix the Veracode scan issue?
Please find the screenshot for your reference.