Control: SSL/TLS servers should avoid using RC4 cipher suites
Description
RC4 is a stream cipher, and it is more malleable than common block ciphers. If not used together with a strong message authentication code (MAC), then encryption is vulnerable to cyber attacks. RC4 is demonstrably broken, weak and unsafe to use in TLS as currently implemented.
Usage
Run the control in your terminal:
powerpipe control run net_insights.control.ssl_avoid_using_rc4_cipher_suiteSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run net_insights.control.ssl_avoid_using_rc4_cipher_suite --shareSteampipe Tables
Params
| Args | Name | Default | Description | Variable |
|---|---|---|---|---|
| $1 | domain_names | | DNS domain names. |
SQL
with domain_list as ( select domain, concat(domain, ':443') as address from jsonb_array_elements_text(to_jsonb($1::text[])) as domain),check_rc4_cipher as ( select address, count(*) from net_tls_connection where address in (select address from domain_list) and cipher_suite_name in ('TLS_RSA_WITH_RC4_128_SHA', 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA', 'TLS_ECDHE_RSA_WITH_RC4_128_SHA') and handshake_completed group by address)select d.domain as resource, case when i.address is null or i.count < 1 then 'ok' else 'alarm' end as status, case when i.address is null or i.count < 1 then d.domain || ' does not use RC4 cipher suites.' else d.domain || ' uses RC4 cipher suites.' end as reasonfrom domain_list as d left join check_rc4_cipher as i on d.address = i.address;