Sumeru Cyber Security
Workarounds for prevalent vulnerabilities

SSL Related Issues

Last updated 5 years ago

Introduction

To serve a site over HTTPS, an organization installs an X.509 certificate (still commonly called an "SSL certificate") and its private key on the web server. The browser uses the certificate to authenticate the server and to negotiate session keys; once that handshake succeeds, all traffic between browser and server is encrypted and integrity-protected. HTTP itself does not change: it is simply carried inside TLS, and the URL scheme becomes https, where the "s" stands for "secure". A certificate also has a validity period, so an expired certificate is a finding in its own right, as is a self-signed certificate (one whose issuer is its own subject) or one whose name does not match the host.

A weak cipher is an encryption method the server accepts that an attacker can break in practice. Sometimes the keys are short (40- or 56-bit "export" suites, single DES), so a fast machine can simply try every key; in other cases the algorithm itself is broken (RC4) or its block size is small enough that long sessions leak plaintext (3DES). Closely related is support for legacy protocol versions: SSL is the predecessor of TLS, every SSL version is deprecated, and so are TLS 1.0 and 1.1, so a current deployment should offer only TLS 1.2 and 1.3.

How to Find

A self-signed or otherwise untrusted certificate is visible in the browser itself: the padlock is replaced by a warning and the interstitial page reports that the connection is not secure or not private (the exact wording differs between Chrome, Firefox and Edge).

That warning does not mean no certificate is installed; it means the browser could not validate the one presented. Opening the certificate details from the warning shows the reason: the issuer is the same as the subject (self-signed), the certificate has expired, the hostname does not match, or the issuer is not in the browser's trust store.

Weak cipher suites and legacy protocol versions are enumerated with sslscan. The flags below skip the Heartbleed, TLS fallback (SCSV) and compression tests so that only the protocol and cipher list is reported; the port defaults to 443:

sslscan --no-heartbleed --no-fallback --no-compression <host>
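The following Python script is an added example (not from the original page and not part of the sslscan project) that does the triage a tester would otherwise do by hand on the output above: it picks the Accepted/Preferred lines out of sslscan's report and flags legacy protocol versions and weak suites, and it checks a certificate for self-signature and expiry using the dictionary shape that Python's ssl.SSLSocket.getpeercert() returns. SAMPLE_SSLSCAN and SAMPLE_CERT are constructed samples for a fictitious host example.test; probe() is the only function that touches the network and needs a real host.

```python
"""Triage of TLS scan results: sslscan cipher lines plus certificate checks.
Added example for this page (not code from the page or from sslscan).
SAMPLE_SSLSCAN and SAMPLE_CERT are CONSTRUCTED data for a fictitious host
example.test; probe() is the only function that touches the network."""
import re
import socket
import ssl
from dataclasses import dataclass, field
from datetime import datetime, timezone

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}   # never acceptable today
CIPHER_LINE = re.compile(  # one sslscan line per suite: "Accepted  TLSv1.2  256 bits  NAME ..."
    r"^\s*(?:Preferred|Accepted)\s+(SSLv2|SSLv3|TLSv1\.\d)\s+(\d+)\s+bits\s+(\S+)")

SAMPLE_SSLSCAN = """\
  Supported Server Cipher(s):
Accepted  SSLv3    128 bits  RC4-SHA
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  40 bits   EXP-RC2-CBC-MD5
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve 25519 DHE 253
"""

SAMPLE_CERT = {  # dict shape returned by ssl.SSLSocket.getpeercert(); issuer == subject here
    "subject": ((("commonName", "example.test"),),),
    "issuer": ((("commonName", "example.test"),),),
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}

@dataclass
class CipherFinding:
    protocol: str
    bits: int
    cipher: str
    issues: list = field(default_factory=list)   # empty == acceptable

def cipher_issues(protocol, bits, cipher):
    """Reasons a negotiated suite is weak, matched on OpenSSL-style names."""
    issues, name = [], cipher.upper()
    if protocol in LEGACY_PROTOCOLS:
        issues.append(f"legacy protocol {protocol}")
    if bits < 128:
        issues.append(f"{bits}-bit key is brute-forceable")
    if "NULL" in name:
        issues.append("NULL cipher: no encryption")
    if name.startswith("EXP"):
        issues.append("export-grade cipher")
    if "RC4" in name:
        issues.append("RC4 is broken")
    if "DES" in name:                        # DES, 3DES, DES-CBC3: 64-bit block
        issues.append("DES/3DES")
    if name.endswith("MD5"):
        issues.append("MD5 MAC")
    if name.startswith(("ADH", "AECDH")):
        issues.append("anonymous key exchange: no server authentication")
    return issues

def parse_sslscan(output):
    """Turn sslscan's report into CipherFinding objects with their issues."""
    findings = []
    for line in output.splitlines():
        if m := CIPHER_LINE.match(line):
            proto, bits, cipher = m.group(1), int(m.group(2)), m.group(3)
            findings.append(CipherFinding(proto, bits, cipher, cipher_issues(proto, bits, cipher)))
    return findings

def _dn(rdns):   # flatten getpeercert()'s nested RDN tuples into a plain dict
    return {attr: value for rdn in rdns for attr, value in rdn}

def cert_issues(cert, now=None):
    """Self-signed and expiry checks on a getpeercert()-style dict.
    Returns (issues, days_until_expiry); days is negative once expired."""
    now = now or datetime.now(timezone.utc)
    issues = []
    if _dn(cert["issuer"]) == _dn(cert["subject"]):
        issues.append("self-signed (issuer == subject)")
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])  # parses 'Jan  1 ... GMT'
    days_left = int((not_after - now.timestamp()) // 86400)
    if days_left < 0:
        issues.append(f"expired {-days_left} days ago")
    elif days_left < 30:
        issues.append(f"expires in {days_left} days")
    return issues, days_left

def probe(host, port=443):
    """Live check against the default trust store: (verify_error, cert_issues)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return None, cert_issues(tls.getpeercert())
    except ssl.SSLCertVerificationError as err:
        return err.verify_message, None      # e.g. 'self-signed certificate'

if __name__ == "__main__":
    for f in parse_sslscan(SAMPLE_SSLSCAN):
        print(f"{f.protocol:8}{f.bits:>4} bits  {f.cipher:30}{'; '.join(f.issues) or 'ok'}")
    print(cert_issues(SAMPLE_CERT, datetime(2024, 6, 1, tzinfo=timezone.utc)))
```

Run the script as-is to see the triage of the constructed sample, or call probe("your.host") from an interactive session; when verification fails, OpenSSL's reason string tells you whether the problem is a self-signed certificate, an expired one or an unknown issuer. The cipher rules are deliberately conservative string matches on OpenSSL suite names, so adjust LEGACY_PROTOCOLS if a policy still tolerates TLS 1.1. For certificate details from the command line, sslscan --show-certificate or openssl s_client -connect host:443 -servername host gives the same information.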

How to Fix

The steps below disable the legacy protocol versions in SCHANNEL, the Windows TLS implementation, through the registry. They therefore apply to IIS and any other Windows service that uses SCHANNEL; Apache, nginx and Java-based servers take their protocol and cipher settings from their own configuration instead. Despite the heading, these keys control protocol versions, not individual cipher suites (see the note after the steps).

  • Click Start > Run, type regedit, and click OK (this requires an administrator account).

  • In Registry Editor, locate the following registry key/folder:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

  • If there is no SSL 2.0 key under Protocols yet, create it first (right-click Protocols, select New and then Key, and name it SSL 2.0 with the space). Then right-click the SSL 2.0 key, select New and then Key, and name the new key Server.

  • Inside the Server folder, click the Edit menu, select New, and click DWORD (32-bit) Value.

  • Enter Enabled as the name and press Enter.

  • Ensure that it shows 0x00000000 (0) under the Data column (it should by default). If it doesn't, right-click and select Modify and enter 0 as the Value data.

  • To disable SSL 3.0, repeat the same steps under the SSL 3.0 key (creating it first if it does not exist): right-click it, select New and then Key, and name the new key Server.

  • Inside the Server folder, click the Edit menu, select New, and click DWORD (32-bit) Value.

  • Enter Enabled as the name and hit Enter.

  • Ensure that it shows 0x00000000 (0) under the Data column (it should by default). If it doesn't, right-click and select Modify and enter 0 as the Value data.

  • Restart the computer.

Exactly the same steps with the key names TLS 1.0 and TLS 1.1 turn off those two versions as well; the names under Protocols must be spelled as Windows expects them ("SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1"). Microsoft also documents a DisabledByDefault DWORD for each Server key, which is normally set to 1 alongside Enabled = 0. A Client key next to Server controls connections this machine initiates; leave it alone unless outbound legacy TLS is also meant to stop. The change takes effect after the restart, so re-run sslscan afterwards and confirm that only TLS 1.2 and 1.3 are accepted. Clients that cannot speak TLS 1.2 will no longer connect once TLS 1.0 and 1.1 are disabled, so check the server's access logs for such clients before making the change. Weak cipher suites are not affected by these keys: on Windows they are disabled under SCHANNEL\Ciphers, where each algorithm has its own subkey with an Enabled DWORD, or through the SSL Cipher Suite Order group policy.
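The manual regedit steps above reduce to a handful of DWORD writes, so here they are as a Python script using the standard-library winreg module. This is an added example, not the page's own procedure and not a Microsoft tool: the key and value names (Enabled, DisabledByDefault, and the subkey names under SCHANNEL\Ciphers) are the ones Microsoft documents for SCHANNEL, while WEAK_CIPHERS is an assumed baseline of what to turn off. hardening_plan() only builds a list of writes so they can be reviewed in a dry run before apply_plan() touches the registry, and verify_plan() re-reads the values afterwards.

```python
"""Scripted version of the SCHANNEL registry steps above, using the
standard-library winreg module. Added example, not the page's procedure or a
Microsoft tool. Key/value names are the ones Microsoft documents for
SCHANNEL; WEAK_CIPHERS is an assumed baseline of what to turn off."""
import sys

SCHANNEL = r"SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL"
LEGACY_PROTOCOLS = ("SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1")
# Subkey names under SCHANNEL\Ciphers; the spelling (spaces, '/') must match exactly.
WEAK_CIPHERS = ("NULL", "DES 56/56", "Triple DES 168",
                "RC4 40/128", "RC4 56/128", "RC4 64/128", "RC4 128/128")

def hardening_plan(protocols=LEGACY_PROTOCOLS, sides=("Server",), ciphers=()):
    """Registry writes as (subkey under HKLM, value name, REG_DWORD value).

    The page's steps set only Enabled=0 on the Server side; DisabledByDefault=1
    is added because Microsoft documents both. sides=("Server", "Client") also
    stops this host *initiating* legacy TLS, which can break outbound calls."""
    plan = []
    for proto in protocols:
        for side in sides:
            sub = f"{SCHANNEL}\\Protocols\\{proto}\\{side}"
            plan.append((sub, "Enabled", 0))
            plan.append((sub, "DisabledByDefault", 1))
    for cipher in ciphers:
        plan.append((f"{SCHANNEL}\\Ciphers\\{cipher}", "Enabled", 0))
    return plan

def apply_plan(plan, dry_run=True):
    """Print the plan, or (dry_run=False, elevated, on Windows) write it.
    Returns the number of registry values written."""
    if dry_run:
        for sub, name, value in plan:
            print(f"[dry-run] HKLM\\{sub} : {name} = {value}")
        return 0
    if sys.platform != "win32":
        raise RuntimeError("SCHANNEL keys exist only on Windows")
    import winreg  # only importable on Windows
    for sub, name, value in plan:
        # RegCreateKeyEx creates missing intermediate keys (e.g. 'SSL 2.0\Server').
        with winreg.CreateKeyEx(winreg.HKEY_LOCAL_MACHINE, sub, 0, winreg.KEY_SET_VALUE) as key:
            winreg.SetValueEx(key, name, 0, winreg.REG_DWORD, value)
    return len(plan)

def verify_plan(plan):
    """Re-read each value and return the entries that differ from the plan
    (a missing key or value is reported with a current value of None)."""
    import winreg
    drift = []
    for sub, name, want in plan:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub) as key:
                got, _ = winreg.QueryValueEx(key, name)
        except FileNotFoundError:
            got = None
        if got != want:
            drift.append((sub, name, got))
    return drift

if __name__ == "__main__":
    plan = hardening_plan(sides=("Server",), ciphers=WEAK_CIPHERS)
    apply_plan(plan, dry_run="--apply" not in sys.argv)
    if "--apply" in sys.argv:
        print("drift after write:", verify_plan(plan))
```

Run it without arguments to see the exact keys and values that would be written, and with --apply from an elevated prompt on the server to write them; the settings still only take effect after a restart, after which verify_plan() and a fresh sslscan confirm the result. The plan is plain data on purpose: it can be diffed against a baseline, reviewed in change control, and fed back to verify_plan() on every server in the estate.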

Fix for a self-signed or untrusted certificate:

Solution 1 (the actual fix)

Replace the self-signed certificate with one issued by a Certificate Authority (CA) that browsers already trust, whether a commercial CA or a free automated one such as Let's Encrypt. Make sure the certificate's Subject Alternative Names cover every hostname the site is reached by, install the full chain (including intermediate certificates) on the server, and renew before the expiry date, ideally automatically, so that the expired-certificate warning never appears either.

Solution 2 (client-side workaround only)

  • In Internet Explorer, click Continue to this website (not recommended).

  • Click the Certificate Error button in the address bar to open the information window.

  • Click View Certificates, and then click Install Certificate.

  • On the warning message that appears, click Yes to install the certificate.

Internet Explorer is retired, but the effect is the same as importing the certificate into the Windows certificate store, which Edge and Chrome on Windows also honour (Firefox keeps its own store). This only silences the warning on the one client where the certificate was imported; the server is unchanged and every other visitor still sees the error. Do it only for an internal or test host whose certificate fingerprint has been confirmed out of band, because a certificate trusted this way is accepted without any CA check, and remove it once the host has a proper certificate.

References

https://sectigostore.com/page/solve-the-invalid-ssl-tls-certificate-issue/
https://www.venafi.com/education-center/ssl/how-to-check-ssl-certificate