Implications of communicating with servers with bad SSL/TLS configurations

Question asked by Will Hendrick on Feb 27, 2014
I approach this Qualys community with what I expect is a more general interest in SSL and TLS.

I would like help putting in perspective bad SSL/TLS server configurations.

Do I have cause for alarm if a server receives a poor grade on the SSL Server Test, even if I am using an up-to-date browser to communicate with the server?

As an example, what do I risk if I have a shopping experience with a server over a TLS 1.2 connection, even though the server also supports SSL 2.0?

Does support for insecure protocols or bad cipher suites potentially compromise access to a server, or only what is being transmitted to and from the server over those insecure connections?

Thank you and I look forward to a response.