Skip to content

rsyslog: use ssl.create_default_context for secure TLS#192

Open
dogukancagatay wants to merge 1 commit intomasterfrom
dogukancagatay/fix-insecure-ssl-tls-protocol-rsyslogd
Open

rsyslog: use ssl.create_default_context for secure TLS#192
dogukancagatay wants to merge 1 commit intomasterfrom
dogukancagatay/fix-insecure-ssl-tls-protocol-rsyslogd

Conversation

@dogukancagatay
Copy link
Contributor

@dogukancagatay dogukancagatay commented Mar 10, 2026

Replace manual ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) with
ssl.create_default_context(), which is the Python-recommended
factory for creating secure TLS contexts. This resolves the
CodeQL py/insecure-protocol alert (CWE-327) as CodeQL recognizes
create_default_context as inherently safe.

This resolves the CodeQL alert for CWE-327 (use of a broken or
weak cryptographic algorithm).

@dogukancagatay
rsyslog: use ssl.create_default_context for secure TLS
652975d 
Replace manual ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) with
ssl.create_default_context(), which is the Python-recommended
factory for creating secure TLS contexts. This resolves the
CodeQL py/insecure-protocol alert (CWE-327) as CodeQL recognizes
create_default_context as inherently safe.

This resolves the CodeQL alert for CWE-327 (use of a broken or
weak cryptographic algorithm).
@dogukancagatay dogukancagatay marked this pull request as ready for review March 10, 2026 16:49
@dogukancagatay dogukancagatay requested review from a team and italomg March 10, 2026 16:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@italomg italomg Awaiting requested review from italomg

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dogukancagatay