Unsecure-RC4-Encryption-POP3/EN: Unterschied zwischen den Versionen

Aus Siwecos
Wechseln zu: Navigation, Suche
(Die Seite wurde neu angelegt: „=== {{:{{PAGENAME}}/Headline}} === If the result is positive, there is no need for further action. If the result is negative, please read the following inst…“)
 
 
Zeile 1: Zeile 1:
 +
 
=== {{:{{PAGENAME}}/Headline}} ===
 
=== {{:{{PAGENAME}}/Headline}} ===
  

Aktuelle Version vom 7. Mai 2020, 10:40 Uhr

Check for RC4 encryption methodology

If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.

Result positive No outdated RC4 encryption supported
Result negativ Obsolete RC4 encryption supported
Description Your server is configured to continue supporting the RC4 encryption feature, which is now considered insecure. This weakens your connections and can lead to an attacker decrypting your data.
Background The term Cipher Suite stands for a collection of cryptographic methods used (encryption of information). This collection includes the key exchange procedure, the signature procedure, the encryption and cryptographic hash functions. This combination of cryptographic components ensures a secure connection between two parties, e.g. your mail program and a server. In the TLS protocol, the cipher suite (cryptographic procedure) determines which algorithms are to be used to establish a secure data connection and is responsible for the security of the connection.

The long-established RC4 encryption algorithm has been considered insecure for many years. Security researchers are aware of many critical gaps. In 2015, the IETF (Internet Engineering Task Force) banned the use of RC4 for TLS connections in RFC7465.

Consequence Attackers can use RC4 encryption to potentially decrypt the communication between your server and the mail program, since RC4 has known vulnerabilities. This can be used, for example, to read passwords, e-mails or credit card information and misuse them for criminal purposes.
Solution/Tips If Obsolete RC4 encryption supported was reported, disable RC4 encryption support.