Aus Siwecos
Version vom 7. Mai 2020, 11:39 Uhr von Siwebot (Diskussion | Beiträge)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Wechseln zu: Navigation, Suche

Verification of certificate transmission

If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.

Result positive Server sends a certificate
Result negativ Server does not send a certificate
Description The server did not send a certificate. This is unusual and should not happen. You should check the TLS configuration of your server and disable anonymous cipher suites if necessary.
Background It is theoretically possible to configure a TLS server so that it does not send a certificate to identify itself and only encrypts without signing its public key. A client that wants to connect to the server cannot check if it is really talking to the server it expects. This type of configuration is extremely rare.
Consequence Without certificate attackers can eavesdrop on your communication. Criminals could anonymously access your customers' personal data such as passwords.
Solution/Tips If Server does not send certificate was reported, update your TLS implementation urgently. Modern software no longer allows this type of configuration.