Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog

Think you're safe? Think again - SSL Attack Survey

This is a supplement article for SSL Ciphers - Beyond Private Key and Certificate
Created: 22 Jul 2014 • Updated: 05 Aug 2014
robertckl's picture
0 0 Votes
Login to vote

Look! I have a lock, I see https://, I even see the Green Bar, I believe I have protected my server and the clients connecting to our services from attackers now. I can't start increasing security and block clients to my site by disabling SSLv3, MD5 or RC4. I'll be losing customers and profit! I can accept a weaker security as long as user traffic and profit are not affected.

Performance vs Security is a constant struggle between security experts and management. When it comes to SSL it is no different. Do we allow as many clients to access our site as possible, or do we block all the weak connectivities. There has been numerous studies on this, so I won't go into it here. As a SSL security expert, allow me to take sides this time. Allow me to provide some more gear for us to convince our management why SSL security is more important and how we can migitate the risks without affecting performance or traffic too much.

Last year September a comprehensive survey was done by iSECPartners,Inc on the various vulnerabilities with the SSL/TLS technology.

Have a look: Attack on SSL