AnsweredAssumed Answered

Implications of communicating with servers with bad ssl/tls configurations

Question asked by Will Hendrick on Feb 27, 2014
Latest reply on Mar 3, 2014 by j-mailor

Hello,

 

 

I approach this Qualys community with what I expect is a more general interest in SSL and TLS.

 

 

I would like help putting in perspective bad ssl/tls server configurations.

 

 

Do I have cause for alarm if a server receives a poor grade on the ssl server test, even if I am using an up-to-date browser to communicate with the server?

 

 

As an example, what do I risk if I have a shopping experience with a server over a TLS 1.2 connection, even though the server also supports SSL 2.0?

 

 

Does support for insecure protocols or bad cipher suites potentially compromise access to a server, or only what is being transmitted to and from the server over those insecure connections?

 

 

Thank you and I look forward to a response.

Outcomes