Configure SSL cipher order

There is no cipher order for the HTTPS cipher set, or the cipher order includes an insecure cipher. This means that an attacker could use an insecure SSL/TLS connection.

Security assessment

Security_Assessment_ConfigureSSLCipherOrder CVSS vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Vulnerability information

There is no cipher order for the HTTPS cipher set, or the cipher order includes an insecure cipher. This means that an attacker can use an insecure SSL/TLS connection. Therefore, in your SSL/TLS configuration, you should set the allowed ciphers and their order to match secure values. In doubt, look at the TLS configuration proposal offered by Mozilla or use the SSL Config Generator.

Prevent attacks

To set the SSL/TLS cipher order for your web server, configure the ciphers as described in Secure TLS configuration.

Security assessment​

Vulnerability information​

Prevent attacks​

Did you find this helpful?

Security assessment

Vulnerability information

Prevent attacks