Marc Walzer
Security and Data Protection Officer at Sherpany

Weak TLS Encryption: a wide-spread risk

Since the 24th of July, Google Chrome has been taking a stand against websites that do not use secure connections. The widely used web browser now marks all websites as insecure if they are not using HTTPS by default.

When you access a website, your browser communicates with the server over the internet. If the traffic is not adequately protected, it can be read and modified by any hacker who manages to break into the connection between browser and website. This opens up a variety of threats, including but not limited to the exposure of sensitive information (e.g. credit card information, passwords) or the injection of malicious code which could be executed on your computer. With an HTTPS connection, all communications are securely encrypted, but the devil lies in the detail.

HTTPS uses a method called Transport Layer Security (TLS) to encrypt data in transit. When your browser sends a request for an HTTPS connection, the server will initiate the TLS handshake. This procedure authenticates the identity of the server and then negotiates the TLS ciphers used for the secure session.

TLS ciphers

The ciphers negotiated during the TLS handshake define the algorithms used to secure data in transit during an HTTPS session. A cipher looks like this:

Source: www.nginx.com

How the algorithms work and what their specific purposes are is beyond the scope of this article. It is important to understand that the whole TLS encryption is only as strong as its weakest link. This means that if even one of these four algorithms can be broken, the security of the whole HTTPS session is compromised. Therefore, a provider should regularly disable weak and outdated ciphers on the server side to prevent insecure connections.
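
The weakest-link rule above, as an added example that is not part of the original article: this Python code splits TLS 1.2 cipher suite names in IANA notation into their four parts (key exchange, authentication, bulk cipher, hash) and reports every suite in which any one part is weak. The suite list, the function names and the short list of weak markers are assumptions made for illustration.

```python
import re

# Parts treated as weak here (illustrative list, not a complete policy).
WEAK_CIPHER_MARKERS = ("NULL", "RC4", "DES")  # "DES" also matches 3DES
WEAK_HASHES = {"MD5"}
SUITE_RE = re.compile(r"^TLS_(?P<kx>.+)_WITH_(?P<cipher>.+)_(?P<hash>[^_]+)$")

# Constructed sample of suites a server might offer (not from a real scan).
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
]


def parse_suite(name):
    """Split a suite name into its four parts plus an export-grade flag."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"unsupported cipher suite name: {name}")
    tokens = [t for t in m.group("kx").split("_") if t != "EXPORT"]
    return {
        "key_exchange": tokens[0],
        # Plain "RSA" suites use RSA for both key exchange and authentication.
        "authentication": tokens[-1],
        "cipher": m.group("cipher"),
        "hash": m.group("hash"),  # MAC hash, or PRF hash for AEAD suites
        "export": "_EXPORT" in m.group("kx"),
    }


def weaknesses(name):
    """Return the weak parts of one suite; an empty list means none found."""
    p = parse_suite(name)
    found = ["export-grade key exchange"] if p["export"] else []
    if p["authentication"] == "anon":
        found.append("authentication anon")
    if any(marker in p["cipher"] for marker in WEAK_CIPHER_MARKERS):
        found.append("cipher " + p["cipher"])
    if p["hash"] in WEAK_HASHES:
        found.append("hash " + p["hash"])
    return found


def audit(suites):
    """Map every suite with at least one weak part to its list of findings."""
    results = {s: weaknesses(s) for s in suites}
    return {s: w for s, w in results.items() if w}
```

Calling `audit(SAMPLE_SUITES)` returns only the last four suites; TLS 1.3 names, which no longer encode key exchange and authentication, are rejected with a `ValueError`.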

The online service SSL Labs performs a deep analysis of the configuration of any TLS web server. You can easily generate a comprehensive report about the security of any website, which is rated from A to F (where A is top and F is flop). Based on the in-depth analysis of the enabled TLS ciphers, the report provides information regarding the certificate, enabled protocols, known vulnerabilities and browser compatibility. If you see outdated browsers in the list, it should make you think.

Vulnerable board portals?

In our line of business, very sensitive information is processed. Proving that Sherpany takes security seriously, its solution is graded A+, which stands for “Servers with exceptional configurations”. Our DevSecOps team constantly invests a lot of time to configure the server in a way that ensures not only the highest level of security, but also compatibility with a broad variety of browsers.

In our research we have realised that, surprisingly, not all board portal providers have configured their servers as rigorously as we do. We have found several instances where even the use of weak ciphers was enabled. This can potentially lead to a compromised HTTPS session in which a hacker is able to read and alter all communications between the server and the browser.

Your meeting management software might be vulnerable. Go ahead and check it with SSL Labs. At Sherpany we believe that security has to be approached in a holistic way, and it is obviously not enough to simply claim to have TLS in place. To be able to provide a secure cloud solution, one has to look into the details.

Marc Walzer holds an MSc in Applied Sciences (FFHS) in the field of ‘Information System Research’. At Sherpany he is responsible for information security and the appropriate processing of personal data.
