Certificate-Not-Sent/EN: Difference between revisions
Revision as of 8 March 2019, 08:19
Verification of certificate transmission
Check | Server does not send a certificate |
Description | The server has not sent a certificate. This is unusual and should not occur. The server's TLS configuration should be checked and, if necessary, anonymous cipher suites disabled. |
Background | It is theoretically possible to configure a TLS server so that it does not send a certificate to identify itself and only encrypts, without signing its public key. A client that wants to connect to the server cannot check whether it is really communicating with the server it expects. This type of configuration is very rare. |
Impact | Without a certificate for your website, attackers can listen in on your communication. Criminals could intercept your customers' personal data, such as passwords or credit card information. |
Solution / Tips | If "Server does not send a certificate" was reported, urgently update your TLS implementation. Current software no longer allows this type of configuration. |
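
The condition this check reports can be seen in the server's first handshake flight. The following Python code is an added example, not SIWECOS scanner code: it assumes a TLS 1.2-style plaintext flight, parses it, and reports whether the chosen suite is anonymous and whether a non-empty Certificate message was sent. The function names and both sample flights are constructed for illustration.

```python
import struct

HANDSHAKE = 22  # TLS record content type
SERVER_HELLO, CERTIFICATE, SERVER_KEY_EXCHANGE, SERVER_HELLO_DONE = 2, 11, 12, 14
# Anonymous (DH_anon) suites from RFC 5246 Appendix A.5; a subset, not exhaustive
ANON_SUITES = {0x0018, 0x001B, 0x0034, 0x003A, 0x006C, 0x006D}

def handshake_messages(flight):
    """Yield (msg_type, body) for every handshake message in a server flight."""
    buf, pos = b"", 0
    while pos + 5 <= len(flight):  # strip record headers, join fragments
        ctype, _version, length = struct.unpack_from("!BHH", flight, pos)
        if pos + 5 + length > len(flight):
            raise ValueError("truncated TLS record")
        if ctype == HANDSHAKE:
            buf += flight[pos + 5:pos + 5 + length]
        pos += 5 + length
    pos = 0
    while pos + 4 <= len(buf):  # 1-byte type, 3-byte length, body
        mlen = int.from_bytes(buf[pos + 1:pos + 4], "big")
        if pos + 4 + mlen > len(buf):
            raise ValueError("truncated handshake message")
        yield buf[pos], buf[pos + 4:pos + 4 + mlen]
        pos += 4 + mlen

def check_flight(flight):
    """Report the chosen suite and whether a non-empty Certificate was sent."""
    result = {"suite": None, "anonymous": False, "certificate_sent": False}
    for mtype, body in handshake_messages(flight):
        if mtype == SERVER_HELLO:
            sid_len = body[34]  # follows version (2) and random (32)
            suite = int.from_bytes(body[35 + sid_len:37 + sid_len], "big")
            result.update(suite=suite, anonymous=suite in ANON_SUITES)
        elif mtype == CERTIFICATE:  # body starts with 3-byte list length
            result["certificate_sent"] = int.from_bytes(body[:3], "big") > 0
    return result

def msg(mtype, body):  # hypothetical helper: frame one handshake message
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

def build_flight(suite, *msgs):  # constructed sample data, not captured traffic
    hello = msg(SERVER_HELLO, b"\x03\x03" + bytes(32) + b"\x00"
                + suite.to_bytes(2, "big") + b"\x00")
    payload = hello + b"".join(msgs) + msg(SERVER_HELLO_DONE, b"")
    return struct.pack("!BHH", HANDSHAKE, 0x0303, len(payload)) + payload

# TLS_DH_anon_WITH_AES_128_CBC_SHA, placeholder key exchange, no Certificate
ANON_FLIGHT = build_flight(0x0034, msg(SERVER_KEY_EXCHANGE, bytes(8)))
# TLS_RSA_WITH_AES_128_CBC_SHA with a placeholder 2-byte certificate entry
CERT_FLIGHT = build_flight(0x002F, msg(CERTIFICATE, b"\x00\x00\x05\x00\x00\x02\x30\x00"))
```

A Certificate message whose list length is zero is treated the same as no Certificate message, since it gives the client nothing to verify.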