HackMyCF Adds SSL/TLS Scanner
By Pete Freitag
I'm pleased to announce a feature of HackMyCF that I've been excited about for a while: SSL / TLS Scanning.
If you stay up to date with security news you know that there have been a large number of vulnerabilities or weaknesses discovered in SSL or TLS protocols and implementations. For example, we have LogJam, Heartbleed, POODLE, CRIME, BEAST, and those are just the ones with cool names :)
We have been issuing warnings when SSLv2 and SSLv3 (POODLE) are enabled for a while, but here are some of the new checks we have added:
- Warn if TLS 1.2 is not enabled
- LogJam: Weak DH Group Size (less than 2048 bits) and some common prime warnings (not fully inclusive)
- Warn if SSL Certificate will expire soon, or is expired
- Warn if certificate is signed with SHA1 (will cause warnings/errors in recent Chrome versions)
- Warn if TLS compression is enabled (CRIME)
- Test for OpenSSL Heartbleed vulnerability
- Warn if Public Key Size less than 2048 bits
Here's a screenshot from an example HackMyCF report:
Customers can enable this feature if they have set protocol = HTTPS in their server settings.
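As an added illustration (not HackMyCF's code), here is how five of the checks listed above could be evaluated against text in the format printed by `openssl s_client` and `openssl x509 -noout -text`. The function name, the 30-day expiry window and the sample text are assumptions constructed for this example.

```python
import re
from datetime import datetime, timedelta, timezone

MIN_BITS = 2048        # threshold stated in the list above
EXPIRY_WARN_DAYS = 30  # assumption: the post only says "soon"

def audit(text, now):
    """Return warnings for openssl s_client / x509 -text style output."""
    warnings = []
    # s_client prints the ephemeral DH size; ECDH lines do not match this pattern.
    m = re.search(r"Server Temp Key: DH, (\d+) bits", text)
    if m and int(m.group(1)) < MIN_BITS:
        warnings.append(f"LogJam: DH group is {m.group(1)} bits")
    m = re.search(r"^\s*Compression: (.+)$", text, re.M)
    if m and m.group(1).strip() != "NONE":
        warnings.append("CRIME: TLS compression is enabled")
    # The first "Signature Algorithm" line in x509 -text is the certificate's own.
    m = re.search(r"Signature Algorithm: (\S+)", text)
    if m and "sha1" in m.group(1).lower():
        warnings.append(f"certificate signed with SHA1 ({m.group(1)})")
    # Apply the bit threshold to RSA keys only; EC key sizes are not comparable.
    m = re.search(r"Public Key Algorithm: rsaEncryption\s+(?:RSA )?Public-Key: \((\d+) bit\)", text)
    if m and int(m.group(1)) < MIN_BITS:
        warnings.append(f"RSA public key is {m.group(1)} bits")
    m = re.search(r"Not After\s*: (.+?) GMT", text)
    if m:
        expires = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
        if expires <= now:
            warnings.append("certificate is expired")
        elif expires - now <= timedelta(days=EXPIRY_WARN_DAYS):
            warnings.append(f"certificate expires in {(expires - now).days} days")
    return warnings

# Constructed sample input, not output captured from a real server.
SAMPLE = """\
Server Temp Key: DH, 1024 bits
Compression: zlib compression
    Signature Algorithm: sha1WithRSAEncryption
            Not After : Jun 10 12:00:00 2015 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""
NOW = datetime(2015, 5, 27, 12, 0, 0, tzinfo=timezone.utc)  # fixed clock for the sample

if __name__ == "__main__":
    for warning in audit(SAMPLE, NOW):
        print("WARN:", warning)
```

The TLS 1.2 and Heartbleed checks from the list are not covered here because they need a live handshake rather than text parsing.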
HackMyCF Adds SSL/TLS Scanner was first published on May 27, 2015.