Mitigating vulnerabilities associated with weak SSL certificate or encryption ciphers and protocols
Posted: 2015-11-09 13:22:52 Expiration: 2016-11-16 13:22:52
The Shared Web Hosting service in conjunction with the Office of Cybersecurity (formerly OCIS) makes a continual effort to identify web server vulnerabilities and mitigate them. This article specifically addresses weak SSL certificates (SHA1) and/or obsolete encryption ciphers/protocols and what we are doing to mitigate those risks.
Why are we doing this?
This is all done to prevent being a target for cyber attackers and avoid security error messages to users which cause confusion and reduce trust.
Mitigation:
The Web Hosting service maintains web accounts on three platforms: Windows/IIS/ASP.NET, Linux/Apache/PHP/MySQL, and Java via Tomcat. Each platform has two distinct offerings with older and newer versions composed of different levels of OS, web server, application, database etc.
As such, each customer is provided with a migration path to the most up to date frameworks supported by DoIT. We are here to work with customers for a successful and seamless transition to newer servers.
Windows 2008 and Red Hat Linux 5 customers will need to be migrated to our newer platforms for Windows 2012 and RedHat Linux 6 respectively in order to address the obsolete encryption ciphers/protocols. There is no other remediation path other than to move to newer servers.
We are proactively renewing older SHA1 SSL certificates regardless of platform, and we are in the process of contacting all customers over time to migrate.
Contact us:
If you’d like work with Shared Hosting to have your account migrated to the newer platforms sooner rather than later please contact us at: webhosting@doit.wisc.edu
-- DoIT Web Hosting: Jake Simon