Certificate-Not-Sent/EN: Difference between revisions

From Siwecos
Zeile 4: Zeile 4:
 
|'''Check'''|| {{:{{PAGENAME}}/Negative}}
 
|'''Check'''|| {{:{{PAGENAME}}/Negative}}
 
|-
 
|-
|'''Beschreibung'''||  {{:{{PAGENAME}}/Description}}
+
|'''Description'''||  {{:{{PAGENAME}}/Description}}
 
|-
 
|-
|'''Hintergrund'''||  {{:{{PAGENAME}}/Background}}
+
|'''Background'''||  {{:{{PAGENAME}}/Background}}
 
|-
 
|-
|'''Auswirkung'''||  {{:{{PAGENAME}}/Consequence}}
+
|'''Consequence'''||  {{:{{PAGENAME}}/Consequence}}
 
|-
 
|-
|'''Lösung / Tipps'''||  {{:{{PAGENAME}}/Solution_Tips}}
+
|'''Solution/Tips'''||  {{:{{PAGENAME}}/Solution_Tips}}
 
|}
 
|}
  
Zeile 16: Zeile 16:
 
[[Category:Siwecos-Scanner/EN]]
 
[[Category:Siwecos-Scanner/EN]]
 
{{:{{PAGENAME}}/Category}}
 
{{:{{PAGENAME}}/Category}}
[[Category:Glossar]]
 

Revision as of 15 March 2019, 13:59

Verification of certificate transmission

Check: Server does not send a certificate

Description: The server has not sent a certificate. This is unusual and should not occur. The server operator should check the TLS configuration and, if necessary, disable anonymous cipher suites.

Background: It is theoretically possible to configure a TLS server so that it does not send a certificate to identify itself and only encrypts the connection without signing its public key. A client that wants to connect to the server then cannot check whether it is really communicating with the server it expects. This type of configuration is very rare.

Consequence: Without a certificate for your website, attackers can listen in on your communication. Criminals could intercept your customers' personal data, such as passwords or credit card information.

Solution/Tips: If "Server does not send a certificate" was reported, urgently update your TLS implementation. Current software no longer allows this type of configuration.
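
An added example, not Siwecos scanner code: in TLS 1.2 and earlier the server's Certificate message travels unencrypted between ServerHello and ServerHelloDone, so the check can be made by parsing the server's first flight. The function names and the sample flights below are constructed for illustration, and the list of anonymous cipher suites is not exhaustive.

```python
import struct

# Record content type 22 = handshake; handshake types per RFC 5246.
HANDSHAKE, SERVER_HELLO, CERTIFICATE, SERVER_HELLO_DONE = 22, 2, 11, 14
ANON_SUITES = {  # anonymous key-exchange suites (IANA code points), not exhaustive
    0x0034: "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    0x003A: "TLS_DH_anon_WITH_AES_256_CBC_SHA",
    0xC018: "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
}

def handshake_messages(flight):
    """Reassemble handshake records and return [(msg_type, body), ...]."""
    stream, pos = b"", 0
    while pos + 5 <= len(flight):
        ctype, _ver, length = struct.unpack_from("!BHH", flight, pos)
        if pos + 5 + length > len(flight):
            raise ValueError("truncated TLS record")
        if ctype == HANDSHAKE:
            stream += flight[pos + 5:pos + 5 + length]
        pos += 5 + length
    msgs, pos = [], 0
    while pos + 4 <= len(stream):
        mlen = int.from_bytes(stream[pos + 1:pos + 4], "big")
        if pos + 4 + mlen > len(stream):
            raise ValueError("truncated handshake message")
        msgs.append((stream[pos], stream[pos + 4:pos + 4 + mlen]))
        pos += 4 + mlen
    return msgs

def check_certificate_sent(flight):
    """Return (certificate_sent, anonymous_suite_name_or_None) for a server flight."""
    msgs = handshake_messages(flight)
    types = [t for t, _ in msgs]
    if SERVER_HELLO not in types or SERVER_HELLO_DONE not in types:
        raise ValueError("incomplete server flight")
    hello = dict(msgs)[SERVER_HELLO]
    sid_len = hello[34]  # follows version (2 bytes) and random (32 bytes)
    suite = int.from_bytes(hello[35 + sid_len:37 + sid_len], "big")
    return CERTIFICATE in types, ANON_SUITES.get(suite)

# Constructed sample flights (not captured traffic): TLS 1.2 framing, dummy bodies.
def _msg(mtype, body=b""):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body
def _rec(payload):
    return b"\x16\x03\x03" + len(payload).to_bytes(2, "big") + payload
def _hello(suite):
    return _msg(2, b"\x03\x03" + bytes(33) + suite.to_bytes(2, "big") + b"\x00")
ANON_FLIGHT = _rec(_hello(0x0034) + _msg(12, bytes(8)) + _msg(14))
NORMAL_FLIGHT = _rec(_hello(0x002F)) + _rec(_msg(11, bytes(3)) + _msg(14))
```

A result of `(False, <suite name>)` corresponds to the finding described on this page; a flight that ends before ServerHelloDone raises an error instead of being reported as "no certificate".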