AnsweredAssumed Answered

Social Security Site VERY insecure

Question asked by Marc Hoffman on Feb 3, 2015

Hello...

 

I was helping a colleague try to access https://secure.ssa.gov. We had a few problems connecting, and when I found out why, I was AMAZED. It appears that the site REQUIRES TLS 1.0. It will not accept connectivity with TLS 1.1 or 1.2. I was also a bit surprised to see that the only version of SSL it supports is SSL3.

 

I'm curious as to how we can get this reported. I tried reporting on the user "feedback" form on the site, but I fear that, as with all government programs, the feedback will get lost in a back room somewhere.

 

Here's the info:

 

FullSizeRender.jpg

Outcomes