Secure Sites do not pass security scanning software.
I am setting up hosting_https for a client and successfully set up a LetsEncrypt cert, but a security scan by "IBM Security AppScan" still throws issues.
I'm attaching the full report, but the main issues appear to be the old cipher support (according to my client's security person, this is the main problem).
- Deprecated SSL Version is Supported 1
- RC4 cipher suites were detected 1
- SHA-1 cipher suites were detected 1
- Weak SSL Cipher Suites are Supported 1
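
An added example, not part of the original post or of hosting_https: a local check that sorts a server's offered protocols and OpenSSL cipher-suite names into the four findings listed above, so a configuration change can be verified before the scan is rerun. The rule sets and the sample lists are assumptions constructed for illustration; they are not AppScan's own rules or this site's actual configuration.

```python
# Added example. Rule sets below are assumptions, not AppScan's definitions.
# Protocols deprecated by RFC 6176 (SSLv2), RFC 7568 (SSLv3), RFC 8996 (TLS 1.0/1.1).
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Name tokens treated as weak here: no encryption, export grade, DES/3DES,
# RC2, MD5 MAC, and anonymous (unauthenticated) key exchange.
WEAK_TOKENS = {"NULL", "EXP", "DES", "CBC3", "RC2", "MD5", "ADH", "AECDH"}

FINDINGS = (
    "Deprecated SSL Version is Supported",
    "RC4 cipher suites were detected",
    "SHA-1 cipher suites were detected",
    "Weak SSL Cipher Suites are Supported",
)


def audit(protocols, ciphers):
    """Return {finding title: [offending protocol or cipher names]}."""
    result = {title: [] for title in FINDINGS}
    for proto in protocols:
        if proto in DEPRECATED_PROTOCOLS:
            result[FINDINGS[0]].append(proto)
    for name in ciphers:
        tokens = name.upper().split("-")
        if "RC4" in tokens:
            result[FINDINGS[1]].append(name)
        # OpenSSL names ending in a bare "SHA" use HMAC-SHA1;
        # "SHA256"/"SHA384" suffixes are SHA-2 and do not match.
        if tokens[-1] == "SHA":
            result[FINDINGS[2]].append(name)
        if WEAK_TOKENS & set(tokens):
            result[FINDINGS[3]].append(name)
    return result


def passes(result):
    """True when none of the four findings has any entry."""
    return not any(result.values())


# Constructed sample: what a permissive default configuration might offer.
SAMPLE_PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.2"]
SAMPLE_CIPHERS = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-SHA",
                  "RC4-SHA", "DES-CBC3-SHA", "EXP-RC4-MD5"]

if __name__ == "__main__":
    for title, hits in audit(SAMPLE_PROTOCOLS, SAMPLE_CIPHERS).items():
        print(f"{title}: {', '.join(hits) or 'none'}")
```

The cipher names to feed in can be taken from the scan report itself or from `openssl ciphers -v` run on the server against its configured cipher string.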