Security SSL Cipher Monitoring

Have you checked that you have no insecure SSL Ciphers on your website or web application?

What is SSL Cipher Monitoring?

SSL is a technology used by most webservers and has recently become a defacto standard for websites, especially after Google marked it as a ranking factor for its search engine.

However, the SSL protocols have been subject to frequent security vulnerabilities over the past few years and these are still found on many webservers.

How does SSL Cipher Monitoring Work?

The SSL Cipher Monitor monitor works by repeatedly initiating connections to your webserver, each time trying a different secure cipher whilst recording whether the webserver accepts or rejects the cipher. When this process is complete, a list of all the ciphersuites and compressors that a server accepts is generated.

Each ciphersuite that has been identified on your webserver is shown in the user interface along with a letter grade which can be from A through F indicating the strength of the connection. The grade that is displayed is based on the cryptographic strength of the key exchange and of the cipher.

RapidSpike App - SSL Cipher

Benefits of the SSL Cipher Monitor

  • Understand the SSL configuration of your webserver.
  • Be alerted to any existing SSL weaknesses.
  • Receive up to date notifications of SSL based vulnerabilities that affect your website.
  • Keep up to date with new vulnerabilities that affect your webservers SSL configuration.
  • Maintain compliance with regulations such as the PCI DSS.