diff --git a/rules/tls.go b/rules/tls.go index cbcca56..a323c8f 100644 --- a/rules/tls.go +++ b/rules/tls.go @@ -130,8 +130,10 @@ func NewModernTlsCheck(conf map[string]interface{}) (gas.Rule, []ast.Node) { goodCiphers: []string{ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", }, }, []ast.Node{(*ast.CompositeLit)(nil)} }