ASSOCIATED DRATA CONTROL
This test is part of the Strong SSL/TLS Ciphers Used control that ensures all data in transit is secure and encrypted using SSL/TLS ciphers. Drata will test the strength of your SSL/TLS encryption to determine if the encryption can easily be decoded or if the data is sufficiently protected.
WHAT DOMAINS/URLS ARE CHECKED
Company domain and product URL specified in Drata. The Drata company domain may not include the http or https protocol, or the www subdomain. This means Drata is testing the SSL certificate on that domain specifically.
WHAT IT DOES
Makes sure that the domains/URLs above do not accept connections from browsers that use weak SSL/TLS ciphers.
WHY ARE WE TESTING THIS?
A weak SSL/TLS cipher uses an insufficient key length for the encryption algorithm. This makes it trivial for an attacker to crack the encryption, more so as computers and GPUs become more powerful.
WHAT TO CHECK IF IT FAILS
There are online tools that check domains for weak ciphers. Also, most modern browsers will alert if the cipher suite is not supported.
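The same kind of check can be run locally against your own domain. The Python below is an added example, not Drata's test or code: it offers the server only weak suites and reports whether the handshake succeeds. The weak-suite markers, the 128-bit floor and the function names are assumptions made for this example.

```python
import socket
import ssl
import sys

# Assumption: illustrative "weak" criteria (name markers, 128-bit floor), not Drata's.
WEAK_MARKERS = ("NULL", "EXP", "RC4", "RC2", "DES", "MD5", "ADH", "AECDH")
MIN_SECRET_BITS = 128


def is_weak(name, secret_bits):
    """True for a short key or a broken, anonymous or absent algorithm."""
    upper = name.upper()
    return secret_bits < MIN_SECRET_BITS or any(m in upper for m in WEAK_MARKERS)


def weak_only_context():
    """Client context offering only weak suites, or None if the local OpenSSL
    build has none available (common on current distributions)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # cipher probe only: no application data is sent
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # set_ciphers() cannot limit TLS 1.3
    try:
        ctx.set_ciphers("ALL:COMPLEMENTOFALL:@SECLEVEL=0")
        weak = [c["name"] for c in ctx.get_ciphers()
                if c["protocol"] != "TLSv1.3" and is_weak(c["name"], c["strength_bits"])]
        if not weak:
            return None
        ctx.set_ciphers(":".join(weak) + ":@SECLEVEL=0")
    except ssl.SSLError:
        return None
    return ctx


def accepted_weak_cipher(host, port=443, timeout=5.0):
    """Name of the weak suite the server agreed to, or None if it refused them all."""
    ctx = weak_only_context()
    if ctx is None:
        raise RuntimeError("local OpenSSL cannot offer weak suites; use another scanner")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher()[0]
        except (ssl.SSLError, ConnectionResetError):
            return None  # handshake refused: no weak suite was accepted


if __name__ == "__main__":
    print(accepted_weak_cipher(sys.argv[1]) or "no weak cipher accepted")
```

Run it with the domain as the only argument. A printed suite name means the server completed a handshake with a weak cipher.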
REMEDIATION
Disable weak ciphers on your web server. The exact steps depend on your web server technology.
HELPFUL RESOURCES