Aus Siwecos
Wechseln zu: Navigation, Suche

Check for weak encryption functions

If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.

Result positive Weak EXPORT encryption not supported
Result negativ Weak EXPORT encryption supported
Description Your web server/website is configured to support intentionally insecure encryption methods (cipher suite). This makes you vulnerable to man-in-the-middle-attacks.
Background The term cipher suite stands for a collection of cryptographic methods. This collection contains the key exchange method, the signature method, the encryption, and cryptographic hash functions. This combination of cryptographic components ensures that there is a secure connection for the communication between two parties, for example your browser and a web server or website. In the TLS protocol (Transport Layer Security), the cipher suite determines which algorithms are used to establish a secure data connection, and it ensures that the connection is secure.
Consequence If a weak encryption method is used, attackers can easily decode the communication between your website and your customer's browser. In this way, information such as passwords, data entered in forms, or credit card information can be intercepted and misused for criminal purposes. This type of attack is called man-in-the-middle-attack.
Solution/Tips If Weak EXPORT encryption supported was reported, deactivate support for EXPORT encryption methods on the web server.