Weak-DES-Encryption/EN: Unterschied zwischen den Versionen

Aus Siwecos
Wechseln zu: Navigation, Suche
(Die Seite wurde neu angelegt: „=== {{:{{PAGENAME}}/Headline}} === If the result is positive, there is no need for further action. If the result is negative, please read the following inst…“)
 
 
Zeile 1: Zeile 1:
 +
 
=== {{:{{PAGENAME}}/Headline}} ===
 
=== {{:{{PAGENAME}}/Headline}} ===
  

Aktuelle Version vom 7. Mai 2020, 10:41 Uhr

Check for DES encryption

If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.

Result positive Outdated DES encryption not supported
Result negativ Outdated DES encryption supported
Description Your web server/website is configured to support the outdated DES encryption method (cipher suite), which is regarded as insecure. This makes you vulnerable to man-in-the-middle-attacks.
Background The term cipher suite stands for a cryptographic protocol that contains the key exchange method, the signature method, the encryption, and cryptographic hash functions. This combination of cryptographic components ensures that there is a secure connection for the communication between two parties, for example your browser and a web server or website. In the TLS protocol (Transport Layer Security), the cipher suite determines which algorithms are used to establish a secure data connection.
Consequence Attackers can use DES encryption to decrypt the communication between your website and your customer's browser, as DES does not offer sufficient security. This can be used, for example, to decrypt passwords, form data or credit card information and misuse them for criminal purposes.
Solution/Tips If Outdated DES encryption supported was reported, deactivate support for the DES encryption method in your web server software.