Marc Walzer
Délégué à la protection des données chez Sherpany

Weak TLS Encryption: a wide-spread risk

Since the 24th of July Google Chrome is taking a stand against websites which are not using secure connections. The broadly used web browser now marks all websites as insecure if they are not using HTTPS by default.

When accessing a website, your browser is communicating with the server through the internet. If the traffic is not adequately protected it can be read and modified by any hacker that manages to break into the connection between browser and website. This opens up a variety of threats including but not limited to exposure of sensitive information (e.g. credit card information, passwords) or the injection of malicious code which could be executed on your computer. With a HTTPS connection, all communications are securely encrypted, but the devil lies in the detail.

HTTPS uses a method called Transport Layer Security (TLS) to encrypt data in transit. When your browser sends a request for a HTTPS connection, the server will initiate the TLS-handshake. This procedure authenticates the identity of the server and then negotiates respective TLS-ciphers used for the secure session.

TLS ciphers

The ciphers which are negotiated during the TLS-handshake define the algorithms to secure data in transfer during an HTTPS session. A cipher looks like this:

Source: www.nginx.com

How the algorithms work or their specific purpose is out of scope of this article. It is important to understand that the whole TLS-encryption is only as strong as its weakest link. This means that if only one of these four algorithms can be broken, the security of the whole HTTPS-session is compromised. Therefore, a provider should regularly disable weak and outdated ciphers on the server-side to prevent insecure connections.

The online service SSLLabs performs a deep analysis of the configuration of any TLS web server. You can easily generate a comprehensive report about the security of any website, which is rated from A until F (where A is top and F is flop). Based on the in-depth analysis of the enabled TLS-ciphers, the report provides information regarding the certificate, enabled protocols, known vulnerabilities and the browser compatibility. It should make you think, if you see outdated browsers in the list.

Vulnerable board portals?

In our line of business very sensitive information is being processed. Proving that Sherpany takes security seriously, its solution is graded A+ which stands for “Servers with exceptional configurations”. Our DevSecOps team constantly invests a lot of time to configure the server in a way that not only ensures the highest level of security, but also compatibility with a broad variety of browsers.

Doing research we have realised that surprisingly not all board portal providers have configured their servers as rigorously as we do. We have found several instances where even the use of weak ciphers was enabled. This can potentially lead to a compromised HTTPS session where hacker is able the read and alter all communications between the server and the browser.


Your meeting management software might be vulnerable, go ahead and check it with SSLLabs. At Sherpany we believe that security has to be approached in a holistic way and it is obviously not enough to simply claim having TLS in place. To be able to provide a secure cloud-solution, one has to look into details.

Marc Walzer
Marc Walzer
Délégué à la protection des données chez Sherpany
Marc Walzer est titulaire d’un MSc en sciences appliquées (HESD) à la recherche sur les systèmes d’information. Chez Sherpany, il est responsable de la sécurité de l’information et s’assure que les données personnelles soient traitées de manière appropriée.

Read more about security on our Insights and Resources page.

Visiter le site web

Connaissances et Ressources

Cécile Dejoux

L'IA au service du dirigeant de demain


Connaissances et Ressources

Nous aidons les dirigeants et les administrateurs à tirer profit de toutes leurs réunions à travers des interviews d'experts, des articles, des livres blancs, des guides et des études de cas.

Nos ressources abordent les thèmes suivants :

  • Gestion des réunions
  • Transformation digitale
  • Management agile

Essayez Sherpany

En remplissant le formulaire ci-dessous, vous serez contacté par l'un de nos experts qui vous montrera, sans obligation, le fonctionnement de la solution Sherpany et comment celle-ci peut gérer vos réunions pour vous.


Si vous souhaitez en savoir plus sur notre solution ou si vous avez des demandes spécifiques, remplissez ce formulaire et nous vous contacterons dans les plus brefs délais.

Demandez un devis

Remplissez le formulaire suivant et vous serez contacté dès que possible.

S'abonner à la newsletter