Unsecure-RC4-Encryption-POP3S/EN
Revision as of 7 May 2020, 11:40 by Siwebot
Check for the RC4 encryption method
If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.
Result positive | No outdated RC4 encryption supported |
Result negative | Obsolete RC4 encryption supported |
Description | Your server is configured to continue supporting the RC4 encryption feature, which is now considered insecure. This weakens your connections and can lead to an attacker decrypting your data. |
Background | The term cipher suite stands for a collection of cryptographic methods used to protect information. This collection includes the key exchange procedure, the signature procedure, the encryption and the cryptographic hash functions. This combination of cryptographic components ensures a secure connection between two parties, e.g. your mail program and a server. In the TLS protocol, the cipher suite determines which algorithms are used to establish a secure data connection and is therefore responsible for the security of the connection.
The long-established RC4 encryption algorithm has been considered insecure for many years. Security researchers are aware of many critical gaps. In 2015, the IETF (Internet Engineering Task Force) banned the use of RC4 for TLS connections in RFC 7465. |
Consequence | Because RC4 has known vulnerabilities, attackers can potentially decrypt the communication between your server and the mail program. This can be used, for example, to read passwords, e-mails or credit card information and misuse them for criminal purposes. |
Solution/Tips | If "Obsolete RC4 encryption supported" was reported, disable RC4 encryption support. |
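
To confirm the result on your own server after changing its configuration, the check can be reproduced by sending a TLS ClientHello that offers only RC4 cipher suites and seeing whether the server answers with a ServerHello or refuses. The following is an added example, not part of the original page or of the scanner behind it; the function names are hypothetical and the default port 995 assumes POP3S with implicit TLS.

```python
import os
import socket
import struct

# RC4 cipher suite IDs (IANA TLS registry); the probe offers nothing else.
RC4_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
}

def _ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body

def build_rc4_client_hello(hostname):
    """Build a TLS 1.2 ClientHello record that offers only RC4 suites."""
    suites = b"".join(struct.pack("!H", s) for s in RC4_SUITES)
    name = hostname.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = (_ext(0x0000, sni)                       # server_name
            + _ext(0x000A, b"\x00\x02\x00\x17")     # supported_groups: secp256r1
            + _ext(0x000B, b"\x01\x00")             # ec_point_formats: uncompressed
            + _ext(0x000D, b"\x00\x06\x04\x01\x04\x03\x02\x01"))  # signature_algorithms
    body = (b"\x03\x03" + os.urandom(32) + b"\x00"  # version, random, empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                           # compression: null only
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def classify_response(data):
    """Name of the RC4 suite in a ServerHello, or None (alert / no ServerHello)."""
    if len(data) < 44 or data[0] != 0x16 or data[5] != 0x02:
        return None
    # Skip record header (5), handshake header (4), version (2), random (32), session_id.
    pos = 44 + data[43]
    if len(data) < pos + 2:
        return None
    return RC4_SUITES.get(struct.unpack("!H", data[pos:pos + 2])[0])

def server_accepts_rc4(host, port=995, timeout=5.0):
    """Probe a POP3S port; return the RC4 suite the server selected, or None."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_rc4_client_hello(host))
        data = sock.recv(4096)  # the ServerHello or alert opens the server's reply
    return classify_response(data)
```

A return value of `None` from `server_accepts_rc4("mail.example.org")` corresponds to "No outdated RC4 encryption supported"; a suite name means RC4 is still enabled.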