Invalid-Curve-Ephemeral-Vulnerability-SMTPS/EN
Version vom 7. Mai 2020, 11:40 Uhr von Siwebot (Diskussion | Beiträge)
Check for Ephemeral Invalid Curve Vulnerability
If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.
Result positive | Not vulnerable to Ephemeral Invalid Curve attacks. |
Result negativ | Vulnerable to Ephemeral Invalid Curve attacks. |
Description | The server is vulnerable to a Ephemeral Invalid Curve Attack. This allows an attacker to attack the connections. |
Background | Elliptic Curve Cryptography (ECC) is one of the cornerstones of modern cryptography due to its security and performance features. It is used in key exchange protocols as well as for the calculation of signatures. However, fatal security holes can occur if it is used incorrectly. |
Consequence | The server is vulnerable to an implementation vulnerability that allows an attacker to decrypt the communication. |
Solution/Tips | If vulnerability has been reported, immediately install an update to your TLS implementation on your server. |