fix(aws): remove SHA-1 from ACM insecure key algorithms (#7547)

Felix Dreissig
2025-04-18 22:25:44 +02:00
committed by GitHub
parent 4f3496194d
commit 0b6aa0ddcd
5 changed files with 1 additions and 5 deletions
-1
@@ -399,7 +399,6 @@ mainConfig:
[
"RSA-1024",
"P-192",
"SHA-1",
]
# AWS EKS Configuration
-1
@@ -327,7 +327,6 @@ aws:
[
"RSA-1024",
"P-192",
"SHA-1",
]
# AWS EKS Configuration
@@ -14,7 +14,7 @@ class acm_certificates_with_secure_key_algorithms(Check):
report.status = "PASS"
report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} uses a secure key algorithm ({certificate.key_algorithm})."
if certificate.key_algorithm in acm_client.audit_config.get(
"insecure_key_algorithms", ["RSA-1024", "P-192", "SHA-1"]
"insecure_key_algorithms", ["RSA-1024", "P-192"]
):
report.status = "FAIL"
report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} does not use a secure key algorithm ({certificate.key_algorithm})."
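Review bot: The check still fails open, because `report.status = "PASS"` is assigned before the membership test and only an exact string match against the configured list flips it to FAIL. An empty or missing `certificate.key_algorithm`, or a value spelled differently from the list entries, is therefore reported as "uses a secure key algorithm". Consider handling the undetermined case before the `in` test, e.g. `if not certificate.key_algorithm:` followed by `report.status = "FAIL"` and a message saying the key algorithm could not be determined. The default `["RSA-1024", "P-192"]` is also repeated inline here and in the four configuration hunks on this page, so a shared constant would keep the copies from drifting. The method body starts and ends outside the hunk.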
-1
@@ -297,7 +297,6 @@ config_aws = {
"insecure_key_algorithms": [
"RSA-1024",
"P-192",
"SHA-1",
],
"eks_required_log_types": [
"api",
-1
@@ -317,7 +317,6 @@ aws:
[
"RSA-1024",
"P-192",
"SHA-1",
]
# AWS EKS Configuration