KSorensen7
Member

HubSpot's certificate is getting flagged by a security tool for SWEET32


Our company is using HubSpot for our website and the certificate provided from HubSpot is vulnerable to a SWEET32 attack. See https://sweet32.info/

This is a high vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2016-2183

kvlschaefer
Solution
Community Manager

Hi @KSorensen7,

 

Thanks for reaching out!

This has already been mitigated by Cloudflare, which is documented toward the end of this page. (For additional context, Cloudflare is our Content Delivery Network, which is used to protect our websites and services from hackers and to speed up the performance of our customers' websites.)

I wanted to share this snippet from the linked website with you:

 

"A vulnerability in the use of the Triple DES (3DES) encryption algorithm in the Transport Layer Security (TLS) protocol. Sweet32 is currently a proof of concept attack, there are no known examples of this in the wild. Cloudflare has manually mitigated the vulnerability for TLS 1.0 in the following manner:

  • attacker must collect 32GB of data from a single TLS session
  • Cloudflare forces new TLS 1.0 session keys on the affected 3DES cipher well before 32GB of data is collected"

If you would like to test the protections built into the HubSpot platform using a fully-featured free trial, it is possible to test within the guidelines of our bug bounty program. For more info about HubSpot bug bounty and the guidelines, please visit https://bugcrowd.com/hubspot

 

Thank you,

Kristen
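
Added example (not part of the original post or of Cloudflare's documentation): the 32GB figure in the quoted snippet follows from the birthday bound on 3DES's 64-bit block, and this sketch shows how rekeying shrinks the per-key collision probability. The 1 GiB rekey interval and the sample suite names used with it are constructed assumptions; the page only says "well before 32GB".

```python
import math
import re

BLOCK_BITS = 64                 # block size of 3DES (also DES, IDEA, RC2)
BLOCK_BYTES = BLOCK_BITS // 8
GIB = 2 ** 30

# Name fragments that identify 64-bit block ciphers in OpenSSL and IANA
# cipher suite names, e.g. DES-CBC3-SHA or TLS_RSA_WITH_3DES_EDE_CBC_SHA.
_SMALL_BLOCK = re.compile(r"3DES|DES[-_]CBC|IDEA|RC2")


def uses_64bit_block_cipher(suite_name: str) -> bool:
    """True if the cipher suite name indicates a 64-bit block cipher."""
    return bool(_SMALL_BLOCK.search(suite_name.upper()))


def collision_probability(bytes_under_one_key: int) -> float:
    """Birthday-bound probability that at least two ciphertext blocks
    collide among the data encrypted under a single session key."""
    n = bytes_under_one_key // BLOCK_BYTES
    # p ~= 1 - exp(-n(n-1) / 2^(b+1)); expm1 keeps precision for tiny p.
    return -math.expm1(-n * (n - 1) / 2 ** (BLOCK_BITS + 1))


def probability_with_rekey(total_bytes: int, rekey_every_bytes: int) -> float:
    """Probability of at least one same-key collision when the session key
    is replaced every rekey_every_bytes. Only collisions under the same key
    are useful, so each key epoch is treated as an independent trial."""
    full, rest = divmod(total_bytes, rekey_every_bytes)
    log_none = full * math.log1p(-collision_probability(rekey_every_bytes))
    log_none += math.log1p(-collision_probability(rest))
    return -math.expm1(log_none)


if __name__ == "__main__":
    # Constructed sample list, standing in for what a scanner reports.
    for suite in ["ECDHE-RSA-DES-CBC3-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]:
        print(f"{suite}: 64-bit block = {uses_64bit_block_cipher(suite)}")
    print(f"32 GiB, one key:        {collision_probability(32 * GIB):.4f}")
    print(f"32 GiB, rekey at 1 GiB: {probability_with_rekey(32 * GIB, GIB):.4f}")
```
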

