MASTG-TEST-0218: Insecure TLS Protocols in Network Traffic
Content in BETA
This content is in beta and still under active development, so it is subject to change any time (e.g. structure, IDs, content, URLs, etc.).
Overview
While static analysis can identify configurations that allow insecure TLS versions, it may not accurately reflect the actual protocol used during live communications. This is because TLS version negotiation occurs between the client (app) and the server at runtime, where they agree on the most secure, mutually supported version.
By capturing and analyzing real network traffic, you can observe the TLS version actually negotiated and in use. This approach provides an accurate view of the protocol's security, accounting for the server’s configuration, which may enforce or limit specific TLS versions.
In cases where static analysis is either incomplete or infeasible, examining network traffic can reveal instances where insecure TLS versions (e.g., TLS 1.0 or TLS 1.1) are actively in use.
Steps
- Set up Basic Network Monitoring/Sniffing (for Android) or Basic Network Monitoring/Sniffing (for iOS).
- View the negotiated TLS version, e.g., using Wireshark.
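The version a server actually selected is carried in its ServerHello; for TLS 1.3 the record header and the ServerHello's legacy_version field still read 0x0303 (TLS 1.2) and the real selection sits in the supported_versions extension, which is why a quick glance at the record layer can misreport a TLS 1.3 session as TLS 1.2. The following parser is an added example and not part of the MASTG page; the function names and the sample ServerHello records it builds are constructed for illustration, not real captures.

```python
import struct
from typing import Optional

# Map the two-byte protocol version field to a readable name.
VERSION_NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
SUPPORTED_VERSIONS_EXT = 0x002B  # extension type from RFC 8446, section 4.2.1

def negotiated_tls_version(record: bytes) -> str:
    """Return the version the server selected, given one raw TLS record
    (5-byte record header followed by a ServerHello handshake message)."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if not hs or hs[0] != 0x02:
        raise ValueError("not a ServerHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    legacy_version = struct.unpack("!H", body[0:2])[0]
    pos = 2 + 32                      # skip legacy_version and random
    pos += 1 + body[pos]              # skip session_id (length-prefixed)
    pos += 2 + 1                      # skip cipher_suite, compression_method
    selected = legacy_version         # pre-1.3 servers put the answer here
    if pos + 2 <= len(body):          # extensions block is optional
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos, end = pos + 2, pos + 2 + ext_len
        while pos + 4 <= end:
            ext_type, ext_size = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if ext_type == SUPPORTED_VERSIONS_EXT and ext_size == 2:
                selected = struct.unpack("!H", body[pos:pos + 2])[0]
            pos += ext_size
    return VERSION_NAMES.get(selected, f"unknown (0x{selected:04x})")

def is_insecure(version_name: str) -> bool:
    """Versions below TLS 1.2 fail this test case."""
    return version_name in ("SSL 3.0", "TLS 1.0", "TLS 1.1")

def build_server_hello(legacy_version: int,
                       selected_version: Optional[int] = None) -> bytes:
    """Constructed sample ServerHello record (hypothetical, not a capture)."""
    body = struct.pack("!H", legacy_version) + b"\x11" * 32 + b"\x00"
    body += b"\xc0\x2f" + b"\x00"     # cipher suite, no compression
    if selected_version is not None:  # TLS 1.3 style: real answer in extension
        ext = struct.pack("!HHH", SUPPORTED_VERSIONS_EXT, 2, selected_version)
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs
```

Feeding the ServerHello bytes exported from Wireshark into negotiated_tls_version gives the same answer Wireshark shows in the supported_versions field of the handshake dissector, not the record-layer version column.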
Observation
The output shows the TLS version actually used.
Evaluation
The test case fails if any insecure TLS version is used.