-
Notifications
You must be signed in to change notification settings - Fork 13
Open
Description
Description
Detected SSL that will accept an unverified connection. This makes the connections susceptible to man-in-the-middle attacks.
Used below verify mode.
..
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
..
Effected source files:
http.verify_mode = OpenSSL::SSL::VERIFY_NONE |
sensu-plugins-nginx/bin/metrics-nginx.rb
Line 88 in d251f3a
http.verify_mode = OpenSSL::SSL::VERIFY_NONE |
Remediation
- Use 'OpenSSL::SSL::VERIFY_PEER' instead.
Metadata
Metadata
Assignees
Labels
No labels