Cybersecurity Information - Deprecated TLS Versions, Cipher Suites, Key-Exchange


Eliminating Obsolete Transport Layer Security (TLS) Protocol Configurations

Various organizations (BSI / NIST) offer e-mail notifications that inform you about weaknesses, security gaps and current threats.

One example is the warning and information service (WID) of the Federal Office for Information Security.

The NSA (National Security Agency) also publishes information on security issues via GitHub.

The current publication deals with the topic of TLS and the associated mechanisms for the secure transmission of data.

I have attached the PDF document with the current recommendations, which should have been known for a long time, here.

ELIMINATING OBSOLETE TLS

It deals in detail with outdated TLS versions, cipher suites and key exchange mechanisms. At the same time, it covers the recommendations of CNSS (Committee on National Security Systems) and NIST (National Institute of Standards and Technology).

An excerpt from the document ELIMINATING OBSOLETE TLS

The following table indicates the prioritization and urgency for immediate remediation of obsolete TLS versions.

The online scanner from Pentest-Tools checks, for example, for the following vulnerabilities:

  • CRIME
  • FREAK
  • LOGJAM
  • BEAST
  • Secure renegotiation
  • CCS injection
  • ROBOT
  • SWEET32
  • RC4
  • DROWN
  • Heartbleed
  • Ticketbleed
  • POODLE

SSL/TLS Vulnerability Scanner
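The three categories named above (TLS versions, cipher suites, key exchange) can be checked against a scan result with a short script. This is an added example, not code from the NSA document or from the scanner: the function names and the sample scan are constructed, and it assumes that only TLS 1.2 and TLS 1.3 count as acceptable versions.

```python
# Added example: all names and the sample data are constructed for illustration.
OBSOLETE_VERSIONS = {   # assumption: only TLS 1.2 and TLS 1.3 are acceptable
    "SSLv2": "DROWN",
    "SSLv3": "POODLE",
    "TLSv1.0": "BEAST (CBC suites)",
    "TLSv1.1": "",
}
WEAK_CIPHERS = {        # bulk-cipher token in an IANA suite name -> reason
    "NULL": "no encryption", "RC4": "RC4", "3DES": "SWEET32 (64-bit block)",
    "DES": "single DES", "DES40": "export-grade DES", "RC2": "RC2", "IDEA": "IDEA",
}

def split_suite(name):
    """Split an IANA suite name into (key_exchange, cipher_tokens).
    TLS 1.3 names carry no _WITH_ part; their key exchange is negotiated apart."""
    body = name.split("_", 1)[1]                 # drop the TLS_ / SSL_ prefix
    kex, sep, cipher = body.partition("_WITH_")
    if not sep:
        kex, cipher = "", body
    return kex, cipher.split("_")

def audit(version, suite):
    """Return (category, detail) findings for one negotiated version/suite pair."""
    findings = []
    if version in OBSOLETE_VERSIONS:
        attack = OBSOLETE_VERSIONS[version]
        findings.append(("version", f"{version} obsolete" + (f": {attack}" if attack else "")))
    kex, cipher = split_suite(suite)
    if "EXPORT" in kex:                          # 512-bit export-grade parameters
        attack = "LOGJAM" if kex.startswith("DH") else "FREAK" if kex.startswith("RSA") else "export-grade"
        findings.append(("key exchange", f"{kex}: {attack}"))
    if "anon" in kex:
        findings.append(("key exchange", f"{kex}: server is not authenticated"))
    findings += [("cipher suite", f"{t}: {WEAK_CIPHERS[t]}") for t in cipher if t in WEAK_CIPHERS]
    return findings

SCAN = [  # constructed scanner output: (negotiated version, IANA suite name)
    ("SSLv3", "TLS_RSA_WITH_RC4_128_SHA"),
    ("TLSv1.0", "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"),
    ("TLSv1.2", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"),
    ("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
    ("TLSv1.3", "TLS_AES_256_GCM_SHA384"),
]

if __name__ == "__main__":
    for version, suite in SCAN:
        for category, detail in audit(version, suite) or [("ok", "nothing obsolete")]:
            print(f"{version:8} {suite:40} {category}: {detail}")
```

Implementation bugs from the list, such as Heartbleed, Ticketbleed or CCS injection, depend on the TLS library version and cannot be read off a version/suite pair, so they fall outside what this check covers.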
