Tag Archives: Heartbleed

TLS/SSL Vulnerabilities

“Which SSL ciphers should I disable?”

A client recently gave me a list of their supported ciphers and asked me which SSL ciphers they should disable – effectively looking for the most secure SSL ciphers they can use. Instead of the fast answer of “disable the insecure¬†ones”, I thought I’d try and write up something useful.

So here’s a handy reference guide I’m working on. This has been time consuming to develop and no doubt will be added to over time. This isn’t intended to be read from start-to-finish, but is more of a handy SSL/TLS issue cheat-sheet.

Continue reading: TLS/SSL Vulnerabilities

Heartbleed

CVE-2014-0160

A vulnerability exists in outdated version of OpenSSL which allows an attacker to cause the server to disclose up to 64kb of server memory contents. This can cause secret keys, authentication tokens, usernames and passwords to be compromised. This can lead to an attacker being able to impersonate users and decrypt data transferred between a user and the server.

Continue reading: Heartbleed