The national security agency (nsa) warns of obsolete tragedial protocols like tls 1.0 (transport layer security) and council for using current procedures to effectively protect traffic on the internet. With their clues, they are focused on government organizations and companies.
If web admins are not about, attackers could break in some cases as man-in-the-middle with comparatively little effort to break the cap and thus copy passwords and other personal data. This is particularly dangerous if that happens about a banking website.
Listing tips of the nsa
The tls standard covers traffic on the retrieval of websites (https). In addition, tls is the most important standard for authentication on the internet. In a paper, the nsa lists, among other things, their association according to obsolete procedures ssl 2.0, ssl 3.0, tls 1.0 and tls 1.1 on. Tls 1.0 has been in use since about 20 years and relies on the already long-ascended hash procedures md5 and sha-1.
Admins should be based on the tls 1, which currently applies.2 or tls 1.Set. In the course of this, you should completely disable unsafe procedures completely, otherwise attackers could paint websites with downgrade attacks like freak.
In addition, insecure closing algorithms such as rc4 or the should not be used. In addition, it is also important to use secure final exchanges such as diffie hellman on elliptic curves (ecdh).
The web browsers already have chrome, firefox co. From tls 1.0/1.1 adopted. The internet engineering task force (ietf) has been working on a ban on old tls versions since 2018.
In the paper, the nsa gives even more information about secure tls configurations and how admins obsolete tls procedures can track traces.