Unsecure SSL Version

Introduction

With increasing regularity, the news is filled with security vulnerabilities with catchy names like POODLE, Heartbleed, and Shellshock. In the summer of 2016 another vulnerability was discovered called DROWN. These attacks play on weaknesses that have been found in older versions of HTTPs.

The Issue

So, you’ve gone through the work to make sure your app and server are using HTTPS, but how can you be sure that your HTTPS is secure from these (and future vulnerabilities?

Best Practice Recommendation

The Best Practice recommendation is that if AT&T Video Optimizer detects an older version of SSL that is vulnerable to a known security attack, we recommend that you upgrade your server and app’s security to a known secure version.

Video Optimizer will check the SSL version of your connections, and check against a list of known vulnerabilities. If Video Optimizer detects that one of the connections uses a version of HTTPS with a known vulnerability, your trace will fail this best practice, and the table will point you to the connection(s) that should be examined. From there—you can determine the server—and work with your team to ensure that the HTTPS version is upgraded.