AT&T Video Optimizer
Unsecure SSL Version
With increasing regularity, the news is filled with security vulnerabilities with catchy names like POODLE, Heartbleed, and Shellshock. In the summer of 2016 another vulnerability was discovered called DROWN. These attacks play on weaknesses that have been found in older versions of HTTPs.
So, you’ve gone through the work to make sure your app and server are using HTTPS, but how can you be sure that your HTTPS is secure from these (and future vulnerabilities?
Best Practice Recommendation
The Best Practice recommendation is that if AT&T Video Optimizer detects an older version of SSL that is vulnerable to a known security attack, we recommend that you upgrade your server and app’s security to a known secure version.
Video Optimizer will check the SSL version of your connections, and check against a list of known vulnerabilities. If Video Optimizer detects that one of the connections uses a version of HTTPS with a known vulnerability, your trace will fail this best practice, and the table will point you to the connection(s) that should be examined. From there—you can determine the server—and work with your team to ensure that the HTTPS version is upgraded.