Heartbleed

Web Server security – SSL/TLS

Following the recent attention from the Heartbleed vulnerability, it might be a good idea to have a look at your general SSL/TLS configuration. Being unable to write something more accurate I’ve only supplied to links which details out SSL/TLS versions and support on the different Windows O/S and a free SSL testing tool.
Which protocol is used depends on the server/client negotiated compatibility level. It will, by default use highest possible. – However exploiters will always use lowest possible 🙂

Support for SSL/TLS protocols on Windows
http://blogs.msdn.com/b/kaushal/archive/2011/10/02/support-for-ssl-tls-protocols-on-windows.aspx

SSL Test tool
https://www.ssllabs.com/ssltest/

Advertisements