Tls Configuration Modern
@security/check-tls-configuration-modern
$ prime install @security/check-tls-configuration-modern
Projection
Always in _index.xml · the agent never has to ask for this.
TlsConfigurationModern [check] v0.1.0
Loaded when retrieval picks the atom as adjacent / supporting.
TlsConfigurationModern [check] v0.1.0
Label
TLS configuration meets modern profile (TLS 1.2+, AEAD ciphers, HSTS)
Assertion
Public-facing endpoints accept only TLS 1.2 and TLS 1.3 with AEAD cipher suites; HTTP requests redirect to HTTPS; HSTS is enabled with a long max-age (≥ 1 year) and includes-subdomains; the certificate chain is valid and short-lived (≤ 90 days, automated renewal).
Evidence
- Run testssl.sh or the Mozilla SSL Configuration Generator's 'modern' profile against the endpoint — no warnings.
- TLS 1.0, 1.1, SSLv3, SSLv2 disabled.
- Cipher suites limited to AEAD: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256 and the ECDHE-RSA/ECDSA-AES-GCM family.
- Strict-Transport-Security: max-age=31536000; includeSubDomains; preload on every HTTPS response.
- Plain HTTP redirects to HTTPS with 301; no mixed-content references in HTML.
- Certificate auto-renewed (Let's Encrypt / ACME) with monitoring on expiry < 14 days.
Failure Mode
A coffee-shop network attacker downgrades the connection to plaintext or a weak cipher and reads or modifies traffic. Users see 'https://' if HSTS is absent; with HSTS the browser refuses the downgrade.
Loaded when retrieval picks the atom as a focal / direct hit.
TlsConfigurationModern [check] v0.1.0
Label
TLS configuration meets modern profile (TLS 1.2+, AEAD ciphers, HSTS)
Assertion
Public-facing endpoints accept only TLS 1.2 and TLS 1.3 with AEAD cipher suites; HTTP requests redirect to HTTPS; HSTS is enabled with a long max-age (≥ 1 year) and includes-subdomains; the certificate chain is valid and short-lived (≤ 90 days, automated renewal).
Evidence
- Run testssl.sh or the Mozilla SSL Configuration Generator's 'modern' profile against the endpoint — no warnings.
- TLS 1.0, 1.1, SSLv3, SSLv2 disabled.
- Cipher suites limited to AEAD: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256 and the ECDHE-RSA/ECDSA-AES-GCM family.
- Strict-Transport-Security: max-age=31536000; includeSubDomains; preload on every HTTPS response.
- Plain HTTP redirects to HTTPS with 301; no mixed-content references in HTML.
- Certificate auto-renewed (Let's Encrypt / ACME) with monitoring on expiry < 14 days.
Failure Mode
A coffee-shop network attacker downgrades the connection to plaintext or a weak cipher and reads or modifies traffic. Users see 'https://' if HSTS is absent; with HSTS the browser refuses the downgrade.
Rationale
TLS 1.0 / 1.1 and unauthenticated cipher modes have known weaknesses (BEAST, padding oracles, downgrade). Once the policy has been cached from an earlier visit, HSTS prevents downgrade to plaintext even on the first request of a new session. Without these, a network attacker can intercept or modify traffic the application thinks is private.
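The header and handshake conditions above can be evaluated mechanically. The following is an added example, not code from the prime atom: it parses a Strict-Transport-Security value and checks it, together with the negotiated protocol version and cipher suite, against this check's thresholds (max-age of at least one year, includeSubDomains present, TLS 1.2/1.3 only, AEAD suites only). The allow-list of OpenSSL-style ECDHE suite names is an assumption standing in for the "ECDHE-RSA/ECDSA-AES-GCM family"; all inputs are constructed.

```python
from typing import Optional, List

ONE_YEAR = 31536000                      # max-age floor required by the check (>= 1 year)
ALLOWED_VERSIONS = {"TLSv1.2", "TLSv1.3"}
# AEAD suites from the Evidence section; the ECDHE names are assumed OpenSSL spellings
ALLOWED_SUITES = {
    "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384",
}


def parse_hsts(header: str) -> dict:
    """Split an HSTS value into directives: max-age -> int, flags -> True (names lower-cased)."""
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')   # RFC 6797 allows a quoted max-age value
        if name == "max-age":
            if not value.isdigit():
                raise ValueError(f"bad max-age: {value!r}")
            directives[name] = int(value)
        else:
            directives[name] = True
    return directives


def hsts_findings(header: Optional[str]) -> List[str]:
    """Return every way the header falls short of the check; an empty list means it passes."""
    if header is None:
        return ["HSTS header missing"]
    try:
        d = parse_hsts(header)
    except ValueError as e:
        return [str(e)]
    findings = []
    if d.get("max-age", 0) < ONE_YEAR:
        findings.append(f"max-age {d.get('max-age', 0)} below {ONE_YEAR}")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains missing")
    return findings


def tls_findings(version: str, suite: str) -> List[str]:
    """Flag a legacy protocol version or a cipher suite outside the AEAD allow-list."""
    findings = []
    if version not in ALLOWED_VERSIONS:
        findings.append(f"legacy protocol {version}")
    if suite not in ALLOWED_SUITES:
        findings.append(f"non-AEAD or unexpected suite {suite}")
    return findings
```

The version and suite strings are what `ssl.SSLSocket.version()` and `cipher()[0]` report after a real handshake, so the same functions can be run over live observations once the endpoint is reachable.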
Source
prime-system/examples/security-appsec/primes/compiled/@security/check-tls-configuration-modern/atom.yaml