The Struggle is Real: Analyzing Ground Truth Data of TLS (Mis-)Configurations
Christian Tiefenau, Emanuel von Zezschwitz
TL;DR
This paper analyzes how TLS configurations are tested in practice, revealing usage patterns and the relationship between testing frequency and configuration security quality.
Contribution
It provides an empirical analysis of TLS configuration testing practices and their impact on security quality, based on 2.5 months of data from a popular testing service.
Findings
Two major usage patterns identified in testing behavior
More test runs correlate with higher security quality
Insights into real-world TLS configuration practices
Abstract
As of today, TLS is the most commonly used protocol to protect communication content. To provide good security, it is of central importance, that administrators know how to configure their services correctly. For this purpose, services like, e.g., Qualys SSL Server Test can be leveraged to test the correctness of a given web server configuration. We analyzed the utilization of this service over a period of 2.5 months and found two major usage-patterns. In addition, there is a relation between the number of test-runs and the resulting quality (i.e., security) of a TLS configuration.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsInternet Traffic Analysis and Secure E-voting · Network Security and Intrusion Detection · Cryptography and Data Security