Support TLS1.3

micheelengronne · micheelengronne · commit 49374a08bd84 · 2020-03-13T10:51:06.000+01:00
Support for TLS1.3 added

Signed-off-by: Michée Lengronne &lt;michee.lengronne@coppint.com&gt;
diff --git a/controls/ssl_test.rb b/controls/ssl_test.rb
@@ -84,7 +84,7 @@
 
 #######################################################
 # Protocol Tests                                      #
-# Valid protocols are: tls1.2                         #
+# Valid protocols are: tls1.2, tls1.3                 #
 # Invalid protocols are : ssl2, ssl3, tls1.0, tls1.1  #
 #######################################################
 control 'ssl2' do
@@ -162,6 +162,21 @@
   end
 end
 
+control 'tls1.3' do
+  title 'Enable TLS 1.3 on exposed ports.'
+  impact 0.5
+  only_if { sslports.length > 0 }
+
+  sslports.each do |sslport|
+    # create a description
+    proc_desc = "on node == #{target_hostname} running #{sslport[:socket].process.inspect} (#{sslport[:socket].pid})"
+    describe ssl(sslport).protocols('tls1.3') do
+      it(proc_desc) { should be_enabled }
+      it { should be_enabled }
+    end
+  end
+end
+
 #######################################################
 # Key Exchange (Kx) Tests                             #
 # Valid Kx(s) are: ECDHE                              #
