There is no cipher order for HTTPS ciphers set or the cipher order includes an insecure cipher. This means, that an attacker could make use of an insecure SSL/TLS connection.
Security Assessment
CVSS Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Information
There is no cipher order for HTTPS ciphers set or the cipher order includes an insecure cipher. This means, that an attacker can make use of an insecure SSL/TLS connection. In your SSL/TLS configuration, you should set the allowed ciphers and their order to match secure values.In doubt take a look at the TLS configuration proposal offered by Mozilla or use the SSL Config Generator.
Guides
To set the SSL/TLS cipher order for your webserver, configure the ciphers as described in Secure TLS Configuration
For more information about Crashtest Security visit crashtest-security.com
