Reporte público de escaneoRepositorio
square/okhttp
Escaneado el 4 jun 2026
Puntuación de riesgo/ 100
Riesgo alto
Resumen
The OkHttp repository contains quantum-vulnerable cryptographic implementations in its TLS certificate management module. RSA and Elliptic Curve Cryptography are extensively used for certificate generation and key handling, which will become insecure against quantum computing attacks. While these appear to be primarily in testing and utility code rather than core TLS handshake logic, migration planning is essential for long-term security.
0
6
0
1
Hallazgos principales
- AltoPKCS#1 (RSA-based)
okhttp-tls/src/test/java/okhttp3/tls/HeldCertificateTest.kt:186
- AltoRSA
okhttp-tls/src/main/kotlin/okhttp3/tls/HeldCertificate.kt:30
ML-KEM (CRYSTALS-Kyber) for key encapsulation
- AltoRSA
okhttp-tls/src/main/kotlin/okhttp3/tls/HeldCertificate.kt:31
ML-KEM (CRYSTALS-Kyber) for key encapsulation
- AltoElliptic Curve Cryptography
okhttp-tls/src/main/kotlin/okhttp3/tls/HeldCertificate.kt:29
- AltoRSA
okhttp-tls/src/main/kotlin/okhttp3/tls/HeldCertificate.kt:176
ML-KEM (CRYSTALS-Kyber) for key encapsulation
+ 2 hallazgos más en el reporte completo
Escanea tu propio repositorio
Gratis. Resultados en ~90 segundos. CBOM + PDF DORA/NIS2 incluidos.