Pete Freitag Pete Freitag

HackMyCF Adds SSL/TLS Scanner

Published on May 27, 2015
By Pete Freitag

I'm pleased to announce a feature of HackMyCF that I've been excited about for a while: SSL / TLS Scanning.

If you stay up to date with security news you know that there have been a large number of vulnerabilities or weaknesses discovered in SSL or TLS protocols and implementations. For example, we have LogJam, Heartbleed, POODLE, CRIME, BEAST, and those are just the ones with cool names :)

While we have been issuing warnings when SSLv2 and SSLv3 (poodle) are enabled for a while, but here are some of the new checks we have added:

  • Warn if TLS 1.2 is not enabled
  • LogJam: Weak DH Group Size (less than 2048 bits) and some common prime warnings (not fully inclusive)
  • Warn if SSL Certificate will expire soon, or is expired
  • Warn if certificate is signed with SHA1 (will cause warnings/errors in recent Chrome versions)
  • Warn if TLS compression is enabled (CRIME)
  • Test for OpenSSL Heartbleed vulnerability
  • Warn if Public Key Size less than 2048 bits

Here's a screenshot from an example HackMyCF report:

HackMyCF TLS Report

Customers can enable this feature if they have set protocol = HTTPS in their server settings.

hackmycf security tls ssl

HackMyCF Adds SSL/TLS Scanner was first published on May 27, 2015.

If you like reading about hackmycf, security, tls, or ssl then you might also like:

FuseGuard Web App Firewall for ColdFusion

The FuseGuard Web Application Firewall for ColdFusion & CFML is a high performance, customizable engine that blocks various attacks against your ColdFusion applications.

The weekly newsletter for the CFML Community