You must Sign In to post a response.
  • Category: ASP.NET

    ASP.NET Web application security of the communications being compromised on web server (SSL/TLS conf

    Hi
    I Have a Security Issue on my Web Application.
    On My ASP.NET Web application security of the communications being compromised on web server (SSL/TLS configuration) / weaker SSL implementations were supported.

    Below are the Technologies Using:
    C#.Net, ASP.Net, SQL Server 2008 R2, Java Script.

    Please assist me.
    Thanks.
  • #769268
    What kind of assistance you required. As per the description you are aware that it is compromised, why can't you change it back and make it without any compromise?

    SSL configuration is very standard and and it easy to configure without any security breach.


    Regards,
    Asheej T K

  • #769270
    During testing a scan was run against the server's SSL configuration and it was determined that weaker SSL implementations were supported.
    The result of the scan as well as an interpretation follow below:
    Testing SSL server on port 458
    Weak Server Cipher(s):
    Accepted TLSv1.0 128 bits RC4-SHA
    Accepted TLSv1.0 112 bits DES-CBC3-SHA
    Accepted TLSv1.0 128 bits RC4-MD5


    1) how can i Avoid the DES and RC4 ciphers for encryption, authentication and key exchange.
    2) how to use key lengths of 128 bits and above for symmetric encryption algorithms and 2048 bits for all asymmetric algorithms.

    3) How can i Make sure that HTTP Strict Transport Security (HSTS) is used to ensure that a client's browser always uses a secure connection when accessing the application


Sign In to post your comments