Knowledge Base

Finding

F

Authentication Method: anonymous authentication

Summary

Security

Lack of authentication is combined with anonymous key exchange[397][398], identity of server cannot be proved, so connection is open for a man-in-the-middle attack[61].

Suggestion

Remove the cipher suite from the list of cipher suites supported by your server.

Evaluate your host!

Type a URL to analyze a service

Get a prompt and clear overview of your security configuration. Right now!

Config Snippets

You can fix your security setting with the following config snippets in various services. You simply copy-paste (or delete) them to get a better secirity and grade. Do not forget to re-check your modified settings above.

If you want to reveal your security weaknesses and monitor your services or supply chain sign up for our beta test.

i
NGINX
OpenSSL version: 0.9.8+
ssl_ciphers …:!aNULL
i
Apache
OpenSSL version: 0.9.8+
SSLCipherSuite …:!aNULL

Affected Cipher Suites