SSL 3 enabled

Description

SSL version 3 is vulnerable to padding oracle attacks and other cryptographic weaknesses, making it insecure for use in secure communication.

Recommendation

To mitigate security risks, disable SSL 3 and upgrade to more secure protocols such as TLS 1.2 or TLS 1.3.

References

• OWASP: Transport Layer Protection Cheat Sheet
• RFC 7568: Deprecating Secure Sockets Layer Version 3.0
• CWE-16
• CWE-326
• OWASP 2021-A5

Related Issues

• SSL 2 enabled - Vulnerability
• TLS 1.0 enabled - Vulnerability
• TLS 1.1 enabled - Vulnerability
• No Redirection from HTTP to HTTPS - Vulnerability

Tags:

SSL/TLS

Encryption

Server Misconfiguration