From Siwecos
Revision as of 7 May 2020, 11:40 by Siwebot

Check for Invalid Curve Vulnerability

If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.

Result positive: Not vulnerable to Invalid Curve attacks.
Result negative: Vulnerable to Invalid Curve attacks.
Description: The server is vulnerable to an Invalid Curve attack. This allows an attacker to steal the secret key of your certificate. After that, all your future connections will also be compromised, as well as parts of your past communication.
Background: In elliptic-curve cryptography, the curves must be chosen very carefully, because keys are derived from specific points on the curve, and doing this correctly is not easy.
Consequence: The server has an implementation vulnerability that allows an attacker to decrypt the communication and steal the private key of your certificate.
Solution/Tips: If vulnerabilities have been reported, immediately install an update for the TLS implementation on your server. You should also replace your certificate, as it may already have been compromised.
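
The implementation flaw behind this finding is a TLS stack that uses a point received from the peer in its ECDH computation without checking that the point lies on the negotiated curve. The following added example (not part of the original Siwecos page and not taken from any TLS library) shows that check for P-256; the function names and the sample shares are constructed for illustration.

```python
# P-256 (secp256r1) domain parameters as published in FIPS 186-4 / SEC 2.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
COORD_LEN = 32  # bytes per coordinate


class InvalidPoint(ValueError):
    """Raised when a peer's ECDH share must be rejected."""


def parse_and_validate(share: bytes) -> tuple[int, int]:
    """Decode an uncompressed SEC1 point (0x04 || X || Y) and verify it lies
    on P-256 before any private-key operation is allowed to touch it."""
    if len(share) != 1 + 2 * COORD_LEN or share[0] != 0x04:
        raise InvalidPoint("not an uncompressed P-256 point")
    x = int.from_bytes(share[1:1 + COORD_LEN], "big")
    y = int.from_bytes(share[1 + COORD_LEN:], "big")
    # Coordinates must be reduced field elements.
    if x >= P or y >= P:
        raise InvalidPoint("coordinate out of range")
    # Curve equation y^2 = x^3 + a*x + b (mod p). P-256 has cofactor 1, so a
    # point that satisfies it is in the correct group; the point at infinity
    # cannot be expressed in this encoding.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        raise InvalidPoint("point is not on the curve")
    return x, y


def is_acceptable(share: bytes) -> bool:
    """True only if the share may be passed on to the ECDH computation."""
    try:
        parse_and_validate(share)
    except InvalidPoint:
        return False
    return True


def encode(x: int, y: int) -> bytes:
    return b"\x04" + x.to_bytes(COORD_LEN, "big") + y.to_bytes(COORD_LEN, "big")


# Constructed samples: the P-256 base point, and the same x with a shifted y.
VALID_SHARE = encode(GX, GY)
OFF_CURVE_SHARE = encode(GX, (GY + 1) % P)
```

A patched TLS implementation performs this validation internally, which is why the fix for a negative result is an update rather than a configuration change.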