Unencrypted-Communication-POP3S/EN
Check for NULL ciphers
If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.
Result positive | Unsecure NULL ciphers supported |
Result negativ | Unsecure NULL ciphers supported |
Description | Your server is configured to allow unencrypted communication over a protected channel. This allows man-in-the-middle attacks. |
Background | The term Cipher Suite stands for a collection of cryptographic methods used (encryption of information). This collection includes the key exchange procedure, the signature procedure, the encryption and cryptographic hash functions. This combination of cryptographic components ensures a secure connection between two parties, e.g. your mail program and a server. In the TLS protocol, the cipher suite (cryptographic procedure) determines which algorithms are to be used to establish a secure data connection and is responsible for the security of the connection. |
Consequence | Attackers can easily decrypt the communication between your server and the mail program using a weak encryption methodology. This can be used, for example, to read passwords, e-mails or credit card information and misuse them for criminal purposes. |
Solution/Tips | If insecure NULL ciphers supported was reported, disable support for NULL encryption methods. |