HackMyCF Adds SSL/TLS Scanner
I'm pleased to announce a feature of HackMyCF that I've been excited about for a while: SSL / TLS Scanning.
If you stay up to date with security news you know that there have been a large number of vulnerabilities or weaknesses discovered in SSL or TLS protocols and implementations. For example, we have LogJam, Heartbleed, POODLE, CRIME, BEAST, and those are just the ones with cool names :)
We have been issuing warnings when SSLv2 and SSLv3 (POODLE) are enabled for a while, but here are some of the new checks we have added:
- Warn if TLS 1.2 is not enabled
- LogJam: Weak DH Group Size (less than 2048 bits) and some common prime warnings (not fully inclusive)
- Warn if SSL Certificate will expire soon, or is expired
- Warn if certificate is signed with SHA1 (will cause warnings/errors in recent Chrome versions)
- Warn if TLS compression is enabled (CRIME)
- Test for OpenSSL Heartbleed vulnerability
- Warn if Public Key Size less than 2048 bits
Here's a screenshot from an example HackMyCF report:
Customers can enable this feature if they have set protocol = HTTPS in their server settings.
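To spot-check three of the items above against your own server (TLS 1.2 support, TLS compression, certificate expiry), here is an added Python sketch; it is not HackMyCF's scanner code. The names `collect` and `assess` and the 30-day meaning of "soon" are assumptions made for this example.

```python
import socket
import ssl
import time

EXPIRY_WARN_DAYS = 30  # assumption: the post says "soon" without giving a number

def collect(host, port=443, timeout=5.0):
    """One handshake pinned to TLS 1.2; record what the server negotiated."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    # Python disables compression by default; clear that so the server may pick it.
    # Many OpenSSL builds ship without zlib, so None below is not proof of absence.
    ctx.options &= ~ssl.OP_NO_COMPRESSION
    facts = {"tls12": False, "compression": None, "not_after": None, "verify_error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                facts["tls12"] = tls.version() == "TLSv1.2"
                facts["compression"] = tls.compression()
                facts["not_after"] = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # The certificate arrives after ServerHello, so TLS 1.2 was accepted.
        # An already expired certificate is reported through this path.
        facts["tls12"] = True
        facts["verify_error"] = exc.verify_message
    except ssl.SSLError:
        pass  # handshake refused: the server would not speak TLS 1.2 with us
    return facts

def assess(facts, now=None):
    """Turn collected facts into warnings mirroring the checks listed above."""
    now = time.time() if now is None else now
    warnings = []
    if not facts["tls12"]:
        warnings.append("TLS 1.2 is not enabled")
    if facts["compression"]:
        warnings.append("TLS compression is enabled (CRIME)")
    if facts["verify_error"]:
        warnings.append("certificate failed verification: " + facts["verify_error"])
    if facts["not_after"]:
        days = (ssl.cert_time_to_seconds(facts["not_after"]) - now) / 86400
        if days < 0:
            warnings.append("certificate is expired")
        elif days < EXPIRY_WARN_DAYS:
            warnings.append("certificate expires in %d days" % days)
    return warnings

if __name__ == "__main__":
    import sys
    for line in assess(collect(sys.argv[1])) or ["no warnings"]:
        print(line)
```

Python's standard `ssl` module does not expose the DH group size, signature algorithm or public key size, so those checks from the list are not covered here.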
HackMyCF Adds SSL/TLS Scanner was first published on May 27, 2015.