The Struggle is Real: Analyzing Ground Truth Data of TLS (Mis-)Configurations

09/24/2018
by   Christian Tiefenau, et al.
0

As of today, TLS is the most commonly used protocol to protect communication content. To provide good security, it is of central importance, that administrators know how to configure their services correctly. For this purpose, services like, e.g., Qualys SSL Server Test can be leveraged to test the correctness of a given web server configuration. We analyzed the utilization of this service over a period of 2.5 months and found two major usage-patterns. In addition, there is a relation between the number of test-runs and the resulting quality (i.e., security) of a TLS configuration.

READ FULL TEXT

Please sign up or login with your details

Forgot password? Click here to reset