added encrypted client hello to 9.4 to resolve OWASP#2358 (OWASP#2382)
danielcuthbert authored Nov 18, 2024
1 parent ec99804 commit 50028a3
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions 5.0/en/0x17-V9-Communications.md
Expand Up @@ -67,6 +67,7 @@ Use secure TLS configuration and up-to-date tools to review the configuration on
| **9.4.1** | [MODIFIED, MOVED FROM 9.1.2] Verify that only the latest recommended cipher suites are enabled, with the strongest cipher suites set as preferred. |||| 326 |
| **9.4.2** | [MOVED FROM 9.1.3] Verify that only the latest recommended versions of the TLS protocol are enabled, such as TLS 1.2 and TLS 1.3. The latest version of the TLS protocol should be the preferred option. |||| 326 |
| **9.4.3** | [MOVED FROM 9.2.4] Verify that proper certification revocation, such as Online Certificate Status Protocol (OCSP) Stapling, is enabled and configured. | ||| 299 |
| **9.4.4** | [ADDED] Verify that Encrypted Client Hello (ECH) is supported and properly configured within the application’s TLS settings to prevent exposure of sensitive metadata, such as the Server Name Indication (SNI), during TLS handshake processes. | | || |

## References

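Review bot: The added 9.4.4 row asks the verifier to confirm ECH is "supported and properly configured" without saying what a correct configuration is, so the requirement is hard to test as written. Rows 9.4.1 and 9.4.2 name a concrete property (recommended cipher suites, recommended TLS versions); consider doing the same here by stating what must be observed for the check to pass. The row also leaves the final CWE column empty where 9.4.1 to 9.4.3 carry 326 or 299, so either add a mapping or confirm the blank is intentional. Minor: the cell spacing (`| | || |`) differs from the rows above, and "application’s" uses a typographic apostrophe; worth matching the file's existing style.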