Symantec SSL/TLS check

OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C8 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01

The TLS protocol provides privacy and data integrity between two or more communicating computer applications. When secured by TLS, connections between a client and a server have one or more of the following properties:

  1. The connection is private
  2. The identity of parties can be authenticated
  3. The connection is reliable

Transport Layer Security (TLS) came from Secure Sockets Layer (SSL). A careful configuration of TLS provides additional privacy-related properties such as forward secrecy and preventing disclosure of encryption keys.

Symantec is an SSL/TLS certificate provider with enterprise-class strength and industry-recognized support. Symantec is under VeriSign. Many web applications use an SSL/TLS certificate issued by Symantec. If the certificate was issued before June 1, 2016, it will stop functioning in Chrome 66. This causes SSL errors for users and impacts the end users of the application.


The impact includes:

  • Renegotiation attack
  • Downgrade attacks like Logjam and FREAK
  • Cross-platform attacks like DROWN
  • BEAST attack
  • Breach attacks
  • POODLE attacks

Mitigation / Precaution

This vulnerability can be fixed by:

  • Updating the SSL/TLS certificate issued by Symantec.
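
One way to find certificates that need updating, as an added example that is not part of the original page: it takes a dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()` and flags Symantec-branded issuers with an issue date before June 1, 2016. The issuer markers, function names and sample certificates are assumptions constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

# Assumption: issuer-name markers taken from the names on this page; extend as needed.
SYMANTEC_MARKERS = ("symantec", "verisign")
# Cutoff stated on this page: certificates issued before June 1, 2016.
CUTOFF = datetime(2016, 6, 1, tzinfo=timezone.utc)

def issuer_fields(cert):
    """Flatten the nested issuer RDN tuples of a getpeercert() dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def check_symantec_cert(cert):
    """Return (needs_replacement, reason) for a getpeercert()-style dict."""
    if not cert:
        # getpeercert() returns {} when the peer certificate was not validated.
        raise ValueError("empty certificate dict: nothing to inspect")
    issuer = issuer_fields(cert)
    names = " ".join(issuer.get(k, "") for k in ("organizationName", "commonName")).lower()
    if not any(marker in names for marker in SYMANTEC_MARKERS):
        return False, "issuer is not Symantec-branded"
    # notBefore uses the "Mon DD HH:MM:SS YYYY GMT" format of getpeercert().
    seconds = ssl.cert_time_to_seconds(cert["notBefore"])
    issued = datetime.fromtimestamp(seconds, tz=timezone.utc)
    if issued < CUTOFF:
        return True, f"issued {issued:%Y-%m-%d}, before 2016-06-01: replace"
    return False, f"issued {issued:%Y-%m-%d}, on or after 2016-06-01"

def make_sample(org, cn, not_before):
    """Build a constructed certificate dict (not captured from a real host)."""
    return {
        "issuer": ((("countryName", "US"),),
                   (("organizationName", org),),
                   (("commonName", cn),)),
        "notBefore": not_before,
    }

# Constructed sample data covering the flagged case, the boundary date and another CA.
SAMPLES = {
    "old.example": make_sample("Symantec Corporation", "Example Symantec CA", "Mar 15 00:00:00 2016 GMT"),
    "new.example": make_sample("Symantec Corporation", "Example Symantec CA", "Jun  1 00:00:00 2016 GMT"),
    "other.example": make_sample("Example Trust Ltd", "Example Trust CA", "Jan  5 09:34:43 2015 GMT"),
}

if __name__ == "__main__":
    for host, cert in SAMPLES.items():
        print(host, check_symantec_cert(cert))
```
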
