Context: The Wormly SSL Tester diagnoses servers which utilize weak ciphers, as well as servers which fail to offer at least one strong cipher.
The SSL/TLS encryption standards allow for a wide variety of different encryption ciphers - also called algorithms to be used in a secure session.
Some of these are inherently more secure than others. Over time, for example, some ciphers have been determined to be intrinsically weak due to flaws in their underlying design.
Others are a by-product of a past era in which US export controls exists to prevent strong cryptography being propagated outside the US. Only weak “export” ciphers were permitted for export use.
Additionally, as computing power increases over time, ciphers which were previously considered to be sufficiently strong to make cracking difficult and time consuming, might now be weak enough to make so called “brute force attacks” possible.
Consequently, your web server should not permit use of known weak ciphers, and should be sure to offer one or more high strength ciphers. To ensure compatibility with less capable clients, it may also be desirable to offer medium strength ciphers as well.
Downtime Hurts. Start monitoring and stop worrying.
Our monitoring service continually tests your servers & web sites to keep you online and performing fast. Fully-featured plans start from just $44 / month.
But don't listen to our spiel - Decide for yourself with a free trial »