# Insecure TLS/SSL Configuration

- ID: go-insecure-tls-config
- Severity: HIGH
- CWE: Improper Certificate Validation (CWE-295)
- Languages: Go

## Description

TLS config uses InsecureSkipVerify, weak TLS version, or deprecated ciphers.

## Detection Message

TLS configuration disables security features or uses weak settings

## Remediation

Set MinVersion to TLS 1.2+ and never skip certificate verification.

```go
tlsConfig := &tls.Config{
    MinVersion:         tls.VersionTLS12,
    InsecureSkipVerify: false, // Always verify certificates
}
```

Learn more: https://shoulder.dev/learn/go/cwe-295/insecure-tls-config

## Documentation

[object Object]

## Related Rules

- **Insecure TLS/SSL Configuration** [HIGH]: 
- **SSL/TLS Certificate Validation Disabled** [HIGH]: 
- **SSL/TLS Certificate Verification Disabled** [HIGH]: