Seurity configuration best practices | cyber security whitepapers | Pune Mumbai Hyderabad Delhi Bangalore Ahmedabad Kolkata India Dubai Bahrain Qatar Kuwait Singapore Australia USA UK Germany Croatia Botswana Mauritius

Title:

Found Old SSL version supported or deprecated protocol used.
SSL weak ciphers are supported.
SSL services running deprecated (less securely trusted) protocol.

Vulnerability:

Why use SSL?
SSL is the foundation of our safe Internet and it secures your critical data as it transmitted within world's computer networks. SSL is basic for ensuring your site, regardless of whether it doesn't deal with sensitive data like credit cards. It gives protection, basic security and information integrity for both your sites and your clients' PII. Few characteristic of SSL:

SSL Encrypts Sensitive Information
SSL Provides Authentication
SSL Provides Trust
SSL is mandate for PCI Compliance

What happens if weaker ciphers are used for SSL?
For weak cipher or old version. Sensitive data transmitted in clear-text is easy to intercept or man-in-the-middle attack to acquire data, exploit popular SSL vulnerabilities via present exploits written for the same purpose.

Solution:

SSL configuration shall have basic data as:
LoadModule ssl_module modules/mod_ssl.so

Listen 443
<VirtualHost *:443>
ServerName www.example.com
SSLEngine on
SSLCertificateFile "/path/to/www.example.com.cert"
SSLCertificateKeyFile "/path/to/www.example.com.key"
</VirtualHost>

enables only the strongest ciphers:
SSLCipherSuite HIGH:!aNULL:!MD5