Symantec SSL/TLS check

Nash N Sulthan

Published on

02 May 2022

1 min read

Vulnerability

The TLS protocol is used to provide privacy and data integrity between two or more communicating computer applications. When secured by TLS, connections between a client and a server have one or more of the following properties:-

The connection is private
The identity of parties can be authenticated
The connection is reliable

Transportation layer came from Secure Socket Layer. A careful configuration of TLS will provide additional privacy-related properties like forwarding secrecy, prevent discloser of encryption keys etc.

Symantec is an SSL/TLS certificate provided with enterprise-class strength and industry-recognized support. Symantec is under VeriSign. There are many web applications using an SSL/TLS certificate issued by Symantec. If the certificate was issued before June 1, 2016. It will stop functioning in Chrome 66. This error will lead to SSL errors to the users and it will impact the end users of the application.

Impact

The impact include:-

Renegotiation attack
Downgrade attacks like Logjam and FREAK
Cross-platform attacks like DROWN
BEAST attack
Breach attacks
POODLE attacks

Mitigation / Precaution

This vulnerability can be fixed by:-

Updating the SSL/TLS certificate issued by Symantec.

Automated human-like penetration testing for your web apps & APIs

Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Product tour

Written by