AnsweredAssumed Answered

Social Security Site VERY insecure

Question asked by Marc Hoffman on Feb 3, 2015



I was helping a colleague try to access We had a few problems connecting, and when I found out why, I was AMAZED. It appears that the site REQUIRES TLS 1.0. It will not accept connectivity with TLS 1.1 or 1.2. I was also a bit surprised to see that the only version of SSL it supports is SSL3.


I'm curious as to how we can get this reported. I tried reporting on the user "feedback" form on the site, but I fear that, as with all government programs, the feedback will get lost in a back room somewhere.


Here's the info: