Relatório público de scanRepositório
square/okhttp
Escaneado em 4 de jun. de 2026
Risk score/ 100
Risco alto
Resumo
The OkHttp repository contains quantum-vulnerable cryptographic implementations in its TLS certificate management module. RSA and Elliptic Curve Cryptography are extensively used for certificate generation and key handling, which will become insecure against quantum computing attacks. While these appear to be primarily in testing and utility code rather than core TLS handshake logic, migration planning is essential for long-term security.
0
6
0
1
Principais findings
- AltoPKCS#1 (RSA-based)
okhttp-tls/src/test/java/okhttp3/tls/HeldCertificateTest.kt:186
- AltoRSA
okhttp-tls/src/main/kotlin/okhttp3/tls/HeldCertificate.kt:30
ML-KEM (CRYSTALS-Kyber) for key encapsulation
- AltoRSA
okhttp-tls/src/main/kotlin/okhttp3/tls/HeldCertificate.kt:31
ML-KEM (CRYSTALS-Kyber) for key encapsulation
- AltoElliptic Curve Cryptography
okhttp-tls/src/main/kotlin/okhttp3/tls/HeldCertificate.kt:29
- AltoRSA
okhttp-tls/src/main/kotlin/okhttp3/tls/HeldCertificate.kt:176
ML-KEM (CRYSTALS-Kyber) for key encapsulation
+ 2 findings no relatório completo
Escaneie seu próprio repositório
Grátis. Resultados em ~90 segundos. CBOM + PDF DORA/NIS2 inclusos.