Google Compute SSL Policy Weak Cipher Suites Enabled

ID

gcp_compute_ssl_policy_weak_cipher

Severity

low

Vendor

GCP

Resource

Network

Tags

reachable

Description

Allowing TLS_1_1 as the minimum version in an SSL policy is a risk because the protocol has known vulnerabilities that attackers can exploit.

To fix it, set the min_tls_version property of the SSL policy to at least TLS_1_2.

Examples

---
- name: create SSL policy
  google.cloud.gcp_compute_ssl_policy:
    name: object
    profile: CUSTOM
    min_tls_version: TLS_1_1
    custom_features:
    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    project: project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present

Mitigation / Fix

---
- name: create SSL policy
  google.cloud.gcp_compute_ssl_policy:
    name: object
    profile: CUSTOM
    min_tls_version: TLS_1_2
    custom_features:
    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    project: project
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present
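
One way to check playbooks for this finding before they are applied, as an added example that is not the scanner's own code: a small line-based Python check that flags `gcp_compute_ssl_policy` tasks whose `min_tls_version` is below TLS_1_2. The function name, the sample playbook and the choice to report tasks with no literal `min_tls_version` are assumptions of this example.

```python
import re

# Constructed sample playbook: one weak, one fixed, one with no min_tls_version.
SAMPLE = """\
---
- name: weak policy
  google.cloud.gcp_compute_ssl_policy:
    name: object
    profile: CUSTOM
    min_tls_version: TLS_1_1
    state: present
- name: fixed policy
  google.cloud.gcp_compute_ssl_policy:
    name: object
    min_tls_version: TLS_1_2
    state: present
- name: unset policy
  google.cloud.gcp_compute_ssl_policy:
    name: object
    state: present
"""

TASK_START = re.compile(r"^\s*-\s+name:\s*(.+?)\s*$")
MODULE = re.compile(r"^\s*(?:google\.cloud\.)?gcp_compute_ssl_policy:\s*$")
MIN_TLS = re.compile(r"^\s*min_tls_version:\s*['\"]?(TLS_\d_\d)\b")
WEAK = {"TLS_1_0", "TLS_1_1"}  # anything below TLS_1_2

def find_weak_ssl_policies(text):
    """Return [(task_name, version)] for SSL policy tasks below TLS_1_2.

    version is None when min_tls_version is absent or not a literal TLS_x_y
    value; such tasks are reported for review (assumption of this example).
    Simplification: every task is assumed to start with a '- name:' line.
    """
    findings, name, is_policy, version = [], None, False, None
    for line in text.splitlines() + ["- name: <end>"]:  # sentinel flushes last task
        start = TASK_START.match(line)
        if start:
            if is_policy and (version is None or version in WEAK):
                findings.append((name, version))
            name, is_policy, version = start.group(1), False, None
        elif MODULE.match(line):
            is_policy = True
        elif is_policy and (m := MIN_TLS.match(line)):
            version = m.group(1)
    return findings

if __name__ == "__main__":
    for task, ver in find_weak_ssl_policies(SAMPLE):
        print(f"{task}: min_tls_version={ver or 'unset'}")
```
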