Insecure-Encryption-Function RC4/EN

Aus Siwecos
Version vom 7. Mai 2020, 10:39 Uhr von Siwebot (Diskussion | Beiträge)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Wechseln zu: Navigation, Suche

Check for RC4 encryption method

If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.

Result positive Outdated RC4 encryption not supported
Result negativ Outdated RC4 encryption supported
Description Your web server/website is configured to continue supporting the RC4 encryption feature, which is now considered insecure. This weakens your connections and can lead to an attacker decrypting your data.
Background The long-established encryption algorithm RC4 has been considered insecure for many years. Security researchers are aware of many critical gaps. In 2015, the IETF (Internet Engineering Task Force) banned the use of RC4 for TLS Connections in RFC7465.
Consequence Attackers can use RC4 encryption to potentially decrypt the communication between your website and your customer's browser, as RC4 has known vulnerabilities. This can be used to read passwords, form data or credit card information and misuse them for criminal purposes.
Solution/Tips If Outdated RC4 encryption supported was reported, deactivate support for the RC4 encryption.