This page is not yet available in Spanish. We are working on its translation. If you have any questions or feedback about our current translation project, feel free to reach out to us!
This rule enforces the use of secure Transport Layer Security (TLS) versions in Kotlin applications. TLS is a protocol that ensures privacy and data integrity between applications communicating over a network. Older versions of TLS, specifically versions 1.0 and 1.1, have known vulnerabilities and are no longer considered secure.
Failing to use a secure TLS version can expose sensitive information to attackers and compromise the security of your application. It’s crucial to ensure that your Kotlin application is configured to use a secure TLS version.
To adhere to this rule, always use TLS version 1.2 or 1.3 in your Kotlin code. For example, when using the OkHttpClient library, you can specify the TLS version by using the ConnectionSpec.MODERN_TLS or by manually setting the SSLContext to TLSv1.2 or TLSv1.3. Avoid using ConnectionSpec.COMPATIBLE_TLS, which allows for the use of insecure TLS versions.
importjavax.net.ssl.SSLContext// Use TLS 1.2 or 1.3
valsslContext=SSLContext.getInstance("TLSv1.2")// TLSv1.3 also acceptable
// Configure OkHttpClient with strong TLS
valclient=OkHttpClient.Builder().sslSocketFactory(sslContext.socketFactory).build()
Integraciones sin problemas. Prueba Datadog Code Security
Datadog Code Security
Prueba esta regla y analiza tu código con Datadog Code Security
Cómo usar esta regla
1
2
rulesets:- kotlin-security # Rules to enforce Kotlin security.
Crea un static-analysis.datadog.yml con el contenido anterior en la raíz de tu repositorio
Utiliza nuestros complementos del IDE gratuitos o añade análisis de Code Security a tus pipelines de CI.
