Certificate-Not-Sent-SMTP MSA/EN

From Siwecos
Revision as of 7 May 2020, 11:39 by Siwebot

Verification of certificate transmission

If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.

Result positive: The server sends a certificate.
Result negative: The server does not send a certificate.
Description: The server has not sent any certificate. This is unusual and should not happen. Check the server's TLS configuration and disable anonymous cipher suites if necessary.
Background: It is theoretically possible to configure a TLS server so that it does not send any certificate to identify itself and only encrypts the connection without signing its public key. A client that wants to connect to the server cannot check whether it is really talking to the server it expects. This type of configuration is extremely rare.
Consequence: Without a certificate, attackers can spy on your communication. Criminals could anonymously access your customers' personal data such as passwords.
Solution/Tips: If "Server does not send a certificate" was reported, urgently update the TLS implementation you use. Modern software no longer allows this type of configuration.
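
An added example (not part of the original page or of Siwecos): one way to check whether a cipher configuration still enables anonymous suites is to scan the listing printed by `openssl ciphers -v` for entries with `Au=None`, or a scanner's list of suite names for the anonymous naming patterns. The sample listing is constructed, and the function names are assumptions of this example.

```python
import re

# Constructed sample in the format printed by `openssl ciphers -v <cipher string>`.
SAMPLE_OUTPUT = """\
TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any  Au=any  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH Au=RSA  Enc=AESGCM(256) Mac=AEAD
ADH-AES256-GCM-SHA384          TLSv1.2 Kx=DH   Au=None Enc=AESGCM(256) Mac=AEAD
AECDH-AES128-SHA               TLSv1   Kx=ECDH Au=None Enc=AES(128)    Mac=SHA1
DHE-RSA-AES128-GCM-SHA256      TLSv1.2 Kx=DH   Au=RSA  Enc=AESGCM(128) Mac=AEAD
"""

# Name patterns for anonymous key exchange: OpenSSL names (ADH-*, AECDH-*)
# and IANA names (TLS_DH_anon_*, TLS_ECDH_anon_*).
ANON_NAME = re.compile(r"^(ADH-|AECDH-)|_anon_", re.IGNORECASE)


def parse_cipher_listing(text):
    """Parse `openssl ciphers -v` style lines (or bare suite names) into dicts."""
    suites = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue  # skip blank lines
        protocol = fields[1] if len(fields) > 1 else None
        # Remaining columns look like Kx=DH, Au=None, Enc=..., Mac=...
        attrs = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
        suites.append({"name": fields[0], "protocol": protocol, **attrs})
    return suites


def anonymous_suites(text):
    """Return names of suites in which the server sends no certificate."""
    flagged = []
    for suite in parse_cipher_listing(text):
        # Au=None means no authentication; the name check covers bare name lists.
        if suite.get("Au") == "None" or ANON_NAME.search(suite["name"]):
            flagged.append(suite["name"])
    return flagged


if __name__ == "__main__":
    for name in anonymous_suites(SAMPLE_OUTPUT):
        print("anonymous (no server certificate):", name)
```

An empty result for the cipher string the mail server actually uses means no anonymous suite is enabled.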