Analyzing SSL/TLS Issues

For SSL/TLS vulnerability analysis in Attack Surface Management (ASM), two Issues are available:

  • Deprecated SSL/TLS Protocol Configured: A vulnerability results when a server is configured to allow a deprecated SSL/TLS protocol.
  • Weak SSL/TLS Ciphers Enabled: A vulnerability results when a server is configured to support an SSL/TLS cipher known to provide weak encryption.

SSL/TLS Vulnerabilities in the Issue Definition Library

These Issues are defined in the Issue Definition Library. To locate both definitions, go to Projects and Settings > Library. From there, select Issue Definitions. Once the page comes up, enter SSL in the Search for issues bar.

Access SSL/TLS Issues

To access specific Issues classified under either of these Issue Definitions, select the Issues tab in ASM. Enter SSL in the search bar and press Enter. Select Issue from the Grouped by drop-down to cluster all SSL/TLS vulnerabilities that are present.

Click the Expand button to view a list of individual issues within each category.

Choose one of the URLs from this list to explore more detailed Description, References, Proof, and Raw (JSON) information.

Examples

Example 1

In this example, the Proof for a Deprecated SSL/TLS Protocol Detected Issue shows that version 1 of the SSL protocol is enabled in the source.

Example 2

In this example, the Proof for a Weak SSL/TLS Ciphers Enabled Issue shows that known-weak SSL/TLS ciphers (TLSv1.2) are present in the source.
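
The two Issue conditions can also be checked outside the ASM UI, for example when triaging scanner output for the same hosts. The following is an added example, not ASM's own detection logic or code from this documentation: the host names, the finding tuples, and the deprecated-protocol and weak-token lists are assumptions chosen for illustration.

```python
import re

DEPRECATED_ISSUE = "Deprecated SSL/TLS Protocol Configured"
WEAK_ISSUE = "Weak SSL/TLS Ciphers Enabled"

# Protocol versions deprecated by the IETF (RFC 6176, RFC 7568, RFC 8996).
DEPRECATED_PROTOCOLS = {"SSLV2", "SSLV3", "TLSV1", "TLSV1.0", "TLSV1.1"}

# Tokens that mark a suite as weak in OpenSSL-style or IANA-style names.
# Assumed list for this example; align it with your own cipher policy.
WEAK_TOKENS = {
    "NULL": "no encryption",
    "EXP": "export-grade key", "EXPORT": "export-grade key",
    "RC2": "RC2 cipher", "RC4": "RC4 stream cipher",
    "DES": "DES/3DES block cipher", "3DES": "DES/3DES block cipher",
    "MD5": "MD5 MAC",
    "ADH": "anonymous key exchange", "AECDH": "anonymous key exchange",
    "ANON": "anonymous key exchange",
}

def weak_reasons(cipher):
    """Return the sorted reasons a cipher suite name is considered weak."""
    tokens = re.split(r"[-_]", cipher.upper())
    return sorted({WEAK_TOKENS[t] for t in tokens if t in WEAK_TOKENS})

def triage(findings):
    """Group (host, protocol, cipher) findings under the two Issue names."""
    issues = {DEPRECATED_ISSUE: [], WEAK_ISSUE: []}
    for host, protocol, cipher in findings:
        if protocol.upper().replace(" ", "") in DEPRECATED_PROTOCOLS:
            entry = (host, protocol)
            if entry not in issues[DEPRECATED_ISSUE]:
                issues[DEPRECATED_ISSUE].append(entry)
        reasons = weak_reasons(cipher)
        if reasons:
            issues[WEAK_ISSUE].append((host, cipher, reasons))
    return issues

# Constructed sample: one tuple per protocol/cipher pair a server accepted.
SAMPLE = [
    ("a.example.test", "TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("a.example.test", "TLSv1.2", "DES-CBC3-SHA"),  # weak cipher, current protocol
    ("b.example.test", "SSLv3", "RC4-MD5"),         # both conditions
    ("b.example.test", "TLSv1.3", "TLS_AES_256_GCM_SHA384"),
    ("c.example.test", "TLSv1.1", "TLS_RSA_WITH_AES_128_CBC_SHA"),
]

if __name__ == "__main__":
    for issue, hits in triage(SAMPLE).items():
        print(issue, hits)
```

Host a.example.test shows why the two Issues are tracked separately: a server can offer only a current protocol version and still accept a weak cipher over it.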