Got a mail from my client that the company's website failed a penetration test because of this issue:
Risk Vector: SSL Configurations
Details: Diffie-Hellman prime is very commonly used and is not safe; Certificate Name Mismatch
Site is hosted on a Webflow plan. Quick research tells me that I should edit the implementation of the Diffie-Hellman algorithm. But I have no access to the server, so what to do?
February 20, 2023, 12:21pm
Not a lot of options here. You can ignore the warning, move the site off Webflow, or set up a reverse proxy that does not have that issue. I can deliver hosting that will pass your pen testing. DM if interested.
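The reverse-proxy option from the reply above, sketched as an added example that is not part of the original thread: an nginx front end that terminates TLS itself, so the key-exchange settings and the certificate are under your control. All hostnames and file paths are placeholders, and the upstream origin name is an assumption.

```nginx
# Added example; hostnames and paths are placeholders, not values from the thread.
server {
    listen 443 ssl;

    # Must match a name in the certificate (CN/SAN); otherwise scanners
    # report "Certificate Name Mismatch".
    server_name www.example.com;

    ssl_certificate     /etc/nginx/tls/www.example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/www.example.com.key;

    ssl_protocols TLSv1.2 TLSv1.3;

    # TLS 1.2: offer ECDHE suites only. With no finite-field DHE suite
    # enabled, the server never sends a Diffie-Hellman prime to be flagged.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # Alternative if DHE suites must stay enabled: serve a group you
    # generated yourself instead of a widely shared default prime.
    #   openssl dhparam -out /etc/nginx/tls/dhparam.pem 2048
    # ssl_dhparam /etc/nginx/tls/dhparam.pem;

    location / {
        # Placeholder for the hosted site's origin hostname.
        proxy_pass https://origin.example.net;
        proxy_set_header Host origin.example.net;

        # Send SNI to the upstream so it selects the right virtual host.
        proxy_ssl_server_name on;

        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

After pointing DNS at the proxy, `openssl s_client -connect www.example.com:443 -servername www.example.com` shows the negotiated cipher and the certificate subject, which is enough to confirm both findings are gone before the re-test.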
Can't ignore it because of their security requirements. Apart from that, I have to move the site anyway because of the GDPR issues that European Webflow Customers are struggling with.
Reverse Proxy is a good tip for further projects.
Thx for your support Jeff