{
    "id": "S026",
    "name": "Use TLS encryption for all inbound and outbound connections",
    "description": "Ensure all application connections use TLS encryption, with no fallback to insecure or unencrypted protocols. All inbound connections (API endpoints, webhooks) and outbound connections (external APIs, databases, partner systems) must use TLS 1.2 or later.",
    "category": "security",
    "severity": "critical",
    "enabled": true,
    "engines": ["heuristic"],
    "enginePreference": ["heuristic"],
    "tags": ["security", "tls", "encryption", "https", "network", "connections"],
    "examples": {
        "valid": [
            "const client = new Client({ ssl: true });",
            "fetch('https://api.example.com/data');",
            "mongoose.connect('mongodb+srv://...');",
            "const redis = new Redis({ tls: {} });"
        ],
        "invalid": [
            "fetch('http://api.example.com/data');",
            "const client = new Client({ ssl: false });",
            "mongoose.connect('mongodb://localhost:27017');",
            "const redis = new Redis({ host: 'redis.example.com' }); // No TLS"
        ]
    },
    "fixable": false,
    "docs": {
        "description": "This rule ensures that all application connections use TLS encryption. It covers inbound connections (API endpoints, web interfaces, webhooks), outbound connections (external APIs, databases, partner systems), and internal connections (monitoring, management tools, middleware, message queues). TLS 1.2 is the minimum required version; TLS 1.3 is preferred. Fallback to HTTP or other unencrypted protocols is not allowed.",
        "url": "https://owasp.org/Top10/A02_2021-Cryptographic_Failures/"
    }
}
