Aus Siwecos
Version vom 4. Juli 2018, 12:57 Uhr von Siwebot (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „=== <span style="color:#c31622">{{:{{PAGENAME}}/Headline}}<span>=== {| class="wikitable" |'''Check'''|| {{:{{PAGENAME}}/Negative}} |- |'''Beschreibung'''…“)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Wechseln zu: Navigation, Suche

Check for weak encryption functions

Check Weak EXPORT encryption supported
Beschreibung Your web server/website is configured to use intentionally insecure encryption methods. This allows to decrypt communication with your server using Man-in-the-middle attacks.
Hintergrund The term cipher suite stands for a collection of cryptographic methods. This collection contains the key exchange method, the signature method, the encryption, and cryptographic hash functions. This combination of cryptographic components ensures that there is a secure connection for the communication between two parties, for example your browser and a web server or website. In the TLS protocol (Transport Layer Security), the cipher suite determines which algorithms are used to establish a secure data connection, and it ensures that the connection is secure.
Auswirkung Attackers can use a weak encryption method to decode communication between your Web page and the browser of your customer without any problems. It can be used, for example, to read passwords, form data or credit card information and misuse them for criminal purposes. This make possible Man-in-the-middle attacks.
Lösung / Tipps If Weak EXPORT encryption supported was reported, deactivate support for EXPORT encryption methods on the web server.

[[Category: ]]