Enable TLS Encryption

There is no SSL/TLS encryption enabled on your server. All traffic to your web application is transported via unencrypted channels. This leaves your users vulnerable to man-in-the-middle attacks.

Security Assessment

CVSS Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Vulnerability Information

Lack of TLS encryption is, of course, a significant vulnerability that leaves traffic exposed and easily accessible to malevolent parties.

But even with TLS encryption, there are several possible directions from which your application can be attacked and compromised. Some of the attacks that can be launched against systems using TLS encryption include: 

  • Renegotiation attacks
  • Downgrade attacks
  • Cross-protocol attacks
  • Timing attacks on padding
  • BEAST, CRIME, BREACH, and POODLE attacks, and more

To get a complete picture of the various vulnerabilities and how to prevent them, see our SSL/TLS Vulnerability guide!

Guides

To provide a secure way for your users to communicate with your web application, you must enable TLS encryption. This should be offered in any case, and especially if any customer data is stored and login with user credentials is offered. You can enable TLS encryption by Configuring Trusted Certificates.
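To confirm that the finding is resolved once a trusted certificate is configured, a check like the following separates "TLS with a trusted certificate" from "TLS with an untrusted certificate" and "no TLS at all". This is an added example, not Crashtest Security's own code; `check_tls` and `start_plaintext_listener` are hypothetical names, and the local listener is a constructed stand-in for a server without TLS.

```python
import socket
import ssl
import threading


def check_tls(host, port=443, timeout=5.0, context=None):
    """Classify an endpoint as tls_ok, tls_untrusted, no_tls or unreachable."""
    # The default context verifies the certificate chain and the hostname.
    ctx = context or ssl.create_default_context()
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"status": "unreachable", "detail": str(exc)}
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {"status": "tls_ok", "protocol": tls.version(),
                    "cipher": tls.cipher()[0]}
    except ssl.SSLCertVerificationError as exc:
        # TLS is enabled, but this client does not trust the certificate.
        return {"status": "tls_untrusted", "detail": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        # The peer did not answer the ClientHello with a TLS handshake.
        return {"status": "no_tls", "detail": str(exc)}
    finally:
        raw.close()


def start_plaintext_listener():
    """Constructed stand-in for a server without TLS; returns its local port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve_once():
        conn, _ = srv.accept()
        with conn, srv:
            conn.recv(4096)  # the client's TLS ClientHello
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")

    threading.Thread(target=serve_once, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    # Runs offline against the constructed listener and reports no_tls.
    print(check_tls("127.0.0.1", start_plaintext_listener(), timeout=2.0))
```

A `tls_untrusted` result means encryption is on but the certificate chain or hostname does not validate, which is the case the trusted-certificate configuration addresses.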

For more information about Crashtest Security, visit crashtest-security.com.