There is no cipher order for the HTTPS cipher set, or the cipher order includes an insecure cipher. This means that an attacker could make use of an insecure SSL/TLS connection.

Table of contents
  1. SSL Cipher Order Security Assessment
  2. SSL Cipher Order Vulnerability Information
  3. How to Configure SSL Cipher Order

SSL Cipher Order Security Assessment

Security Assessment Increase TLS Key Size

CVSS Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

SSL Cipher Order Vulnerability Information

There is no cipher order for the HTTPS cipher set, or the cipher order includes an insecure cipher. This means that an attacker can make use of an insecure SSL/TLS connection. Therefore, in your SSL/TLS configuration, you should set the allowed ciphers and their order to match secure values. In doubt, take a look at the TLS configuration proposal offered by Mozilla or use the SSL Config Generator.

How to Configure SSL Cipher Order

To set the SSL/TLS cipher order for your web server, configure the ciphers as described in Secure TLS Configuration.

See if Your Web App or API Has Security Vulnerabilities

SCAN FOR FREE NOW