No TLS protocol specified in connection definition

Why This Issue Is Important

When the protocols for connecting to a target system are not explicitly specified in an Apigee proxy, there is a risk that insecure protocols, such as SSLv3, might be used. SSLv3 and other outdated protocols are vulnerable to various security threats, including the POODLE attack, which can compromise the security of the communication channel between Apigee and the target system. If insecure protocols are used, the data transmitted could be intercepted, altered, or exposed to unauthorized parties through Man-in-the-Middle (MITM) attacks, leading to a significant breach of data confidentiality and integrity.

To ensure secure communication, it is essential to specify the use of strong, modern protocols such as TLSv1.2 or TLSv1.3. Failing to do so violates security requirements that mandate the use of established secure communication protocols and industrial-strength encryption techniques to protect sensitive data during transmission.

How This Issue Is Detected

CodeSent detects this issue by analyzing the target system configuration within the proxy to check whether the TLS protocol is explicitly specified.
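
The same kind of check can be run locally against a TargetEndpoint file. The following is an added example, not CodeSent's implementation. It goes one step beyond the presence check by also reporting listed protocols other than TLSv1.2 or TLSv1.3. The function names, finding strings, and sample endpoints are constructed for illustration.

```python
import xml.etree.ElementTree as ET

STRONG = {"TLSv1.2", "TLSv1.3"}  # versions the page recommends

def check_target_endpoint(xml_text):
    """Return (endpoint_name, finding) tuples for one TargetEndpoint document."""
    root = ET.fromstring(xml_text)
    name = root.get("name", "<unnamed>")
    findings = []
    for conn in root.iter("HTTPTargetConnection"):
        ssl_info = conn.find("SSLInfo")
        if ssl_info is None:
            findings.append((name, "no SSLInfo block, protocol not specified"))
            continue
        # Collect non-empty <Protocol> values under <Protocols>.
        listed = [(p.text or "").strip()
                  for p in ssl_info.findall("Protocols/Protocol")]
        listed = [p for p in listed if p]
        if not listed:
            findings.append((name, "no TLS protocol specified"))
        for proto in listed:
            if proto not in STRONG:
                findings.append((name, "weak protocol listed: " + proto))
    return findings

# Constructed sample input (not taken from a real proxy bundle).
TEMPLATE = """<TargetEndpoint name="{name}">
  <HTTPTargetConnection>
    <SSLInfo>
      <Enabled>true</Enabled>{protocols}
    </SSLInfo>
    <URL>https://backend.example.com/</URL>
  </HTTPTargetConnection>
</TargetEndpoint>"""

def sample(name, *protocols):
    """Build a constructed TargetEndpoint with the given <Protocol> entries."""
    inner = "".join("<Protocol>%s</Protocol>" % p for p in protocols)
    block = "<Protocols>%s</Protocols>" % inner if protocols else ""
    return TEMPLATE.format(name=name, protocols=block)

if __name__ == "__main__":
    docs = (sample("unpinned"), sample("legacy", "SSLv3", "TLSv1.2"),
            sample("pinned", "TLSv1.2"))
    for doc in docs:
        for endpoint, finding in check_target_endpoint(doc):
            print(endpoint + ": " + finding)
```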

How to Fix the Issue

To fix this issue, you should explicitly specify the TLS version in the target system configuration to ensure that only secure protocols are used.

<HTTPTargetConnection>
    <SSLInfo>
        ...
        <Protocols>
            <Protocol>TLSv1.2</Protocol>
        </Protocols>
        ...
    </SSLInfo>
</HTTPTargetConnection>