This rule raises an issue when an insecure TLS protocol version is used (i.e., a protocol other than "TLSv1.2", "TLSv1.3", "DTLSv1.2" or "DTLSv1.3").
javax.net.ssl.SSLContext library:
context = SSLContext.getInstance("TLSv1.1"); // Noncompliant
okhttp library:
ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
    .tlsVersions(TlsVersion.TLS_1_1) // Noncompliant
    .build();
javax.net.ssl.SSLContext library:
context = SSLContext.getInstance("TLSv1.2"); // Compliant
okhttp library:
ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
    .tlsVersions(TlsVersion.TLS_1_2) // Compliant
    .build();
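The following is an added example, not one of the rule's own samples. It goes one step beyond the compliant SSLContext call: a context requested as "TLSv1.2" may still have older versions enabled, depending on the JDK and provider, so the example restricts the enabled protocols to the versions this rule accepts. The class and method names are hypothetical.

```java
import java.util.Arrays;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

// Hypothetical class name; added example, not part of the rule's own samples.
public class TlsProtocolPinning {

    // Versions the rule accepts, taken from its description.
    static final Set<String> ALLOWED =
            Set.of("TLSv1.2", "TLSv1.3", "DTLSv1.2", "DTLSv1.3");

    // Keep only the allowed versions from a list of protocol names.
    static String[] allowedOnly(String[] protocols) {
        return Arrays.stream(protocols)
                .filter(ALLOWED::contains)
                .toArray(String[]::new);
    }

    // Create an engine whose enabled protocol list is restricted to ALLOWED.
    static SSLEngine hardenedEngine(SSLContext context) {
        SSLParameters params = context.getDefaultSSLParameters();
        String[] pinned = allowedOnly(params.getProtocols());
        if (pinned.length == 0) {
            // Fail closed rather than fall back to an older version.
            throw new IllegalStateException("no allowed TLS version is enabled");
        }
        params.setProtocols(pinned);
        SSLEngine engine = context.createSSLEngine();
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLContext context = SSLContext.getInstance("TLSv1.2"); // Compliant
        context.init(null, null, null); // default key managers, trust managers, RNG
        System.out.println("default enabled: "
                + Arrays.toString(context.getDefaultSSLParameters().getProtocols()));
        SSLEngine engine = hardenedEngine(context);
        System.out.println("after pinning:   "
                + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

The same SSLParameters object can be applied to an SSLSocket or SSLServerSocket through their setSSLParameters methods.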