ROBOT (Return of Bleichenbacher’s Oracle Threat) is the reappearance of a vulnerability in SSL/TLS that appeared first in 1998. This article explains, how you can prevent SSL ROBOT.
LOGJAM is a security vulnerability against a Diffie-Hellman key exchange using 512 to 1024 bit keys. The attack forces a downgrade on the TLS connection to use only 512 bits which allows to read and inject data into the connection.
The POODLE (Padding Oracle On Downgraded Legacy Encryption) attack is a fallback attack that tries to downgrade the used TLS protocol version. Learn how to prevent SSL POODLE in this article.
FREAK (Factoring RSA Export Keys) is a vulnerability of the weak export cypher suites in SSL/TLS. Due to a weakness in the SSL/TLS protocols using only 512 or fewer bits it can easily be broken.
A server vulnerable for BEAST (Browser Exploit Against SSL/TLS) has the problem: By using weaknesses in cypher block chaining, an attacker can use Man-In-The-Middle attacks to decrypt and obtain authentication tokens.
The negotiation process of the SSL encryption uses much more resources on the server than on the client. If the client can initiate the renegotiation process, an attacker can render the server unavailable with a Denial of Service attack.
The heartbleed vulnerability allows attackers to steal the private key of a server certificate. If the server is vulnerable to heartbleed, this means that an attacker can retrieve the private key and impersonate the server.
The server is vulnerable to CCS Injections. Malicious intermediate nodes can intercept encrypted data and decrypt it by forcing SSL clients to use a weak key.
The renegotiation process of the SSL encryption is vulnerable. It allows two negotiations to be handled by different parties. This leaves your data vulnerable to Man-In-The-Middle attacks.
The TLS Signaling Cipher Suite Value (SCSV) is protection against TLS/SSL downgrade attacks. If enabled, the server makes sure that the strongest protocol that both client and server understand, is used.