Monday, August 22, 2016

The SSL certificate has nothing to do with the ciphersuite strength

Most individuals installing an HTTPS web site seem to think the "certificate" or the CA controls the cipher suite strength, which in fact is 100% wrong.

Take an SSL Labs analysis of a website that was recently installed.


All of the weak ciphers in the above list caused this site to score a marginal B. But have no fear, socpuppets is here.

You can enable only strong ciphersuites, retest the site using SSL Labs, and witness the new grade.

(after striking RC4, MD5, etc.)



Now the site has an A+ grade, and it's still the same server and the same installed certificate + private key.
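To make the point concrete, here is an added example (not from the original post) that expands an OpenSSL cipher string with Python's `ssl` module and flags weak suites, without ever loading a certificate or key. The two cipher strings and the `WEAK_MARKERS` list are assumptions constructed for illustration; only RC4 and MD5 come from the post.

```python
import ssl

# Assumption: name fragments treated as weak here. RC4 and MD5 are the ones
# the post strikes; the others are common additions, not taken from the post.
WEAK_MARKERS = ("RC4", "MD5", "DES", "NULL", "EXP", "ADH")


def expand(cipher_string):
    """Return the suite names the local OpenSSL build enables for cipher_string.

    No certificate or key is loaded: the list belongs to the TLS context,
    which is server configuration, not to the certificate.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # Nothing in the string is available in this OpenSSL build.
        return []
    return [c["name"] for c in ctx.get_ciphers()]


def weak_suites(names):
    """Return the suite names that contain any weak marker."""
    return [n for n in names if any(m in n for m in WEAK_MARKERS)]


def audit(cipher_string):
    """Summarise a cipher string: how many suites it enables, and which are weak."""
    names = expand(cipher_string)
    return {"enabled": len(names), "weak": weak_suites(names)}


# Constructed cipher strings (not from the post): a permissive one, and a
# hardened one that strikes RC4, MD5 and other weak families.
PERMISSIVE = "ALL:@SECLEVEL=0"
HARDENED = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!RC4:!MD5:!3DES"

if __name__ == "__main__":
    for label, cipher_string in (("permissive", PERMISSIVE), ("hardened", HARDENED)):
        print(label, audit(cipher_string))
```

What the permissive string expands to depends on the local OpenSSL build, since recent builds no longer compile in RC4 at all.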


Ken
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
         o 
        /  \
