We host a website for a customer who has reported an issue in the ciphers suite being used for TLS in their website. The said customer is a financial institution. I have attached their assessment of the issue at the bottom.
This link (Ciphers - How to configure) suggests Netlify will update its Cipher suite. Another thread suggested deployed a custom SSL certificate. We use Netlify as a “managed” platform for automatically deploying generated websites. Do you have a suggested way to fix this issue?
------- Our customer’s assessment report ----
Remediate Security Vulnerability on XXXXX.com/ found by WAVM: Insufficient Transport Layer Protection
SHA-1 The TLS endpoint supports the use of ciphers with SHA-1 message authentication. #### Attack Details Date: 2020-03-01 18:12:10.481406765 +0000 UTC Target: XXXXX.com:443 IP Address: 126.96.36.199 Supported ciphers: RFC Code Key Enc Bits Mac Protocol(s) Legend TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA [0xC014] ECDH AES 256 SHA1 TLS1.2 SHA TLS_RSA_WITH_AES_256_CBC_SHA [0x0035] RSA AES 256 SHA1 TLS1.2 SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA [0xC013] ECDH AES 128 SHA1 TLS1.2 SHA TLS_RSA_WITH_AES_128_CBC_SHA [0x002F] RSA AES 128 SHA1 TLS1.2 SHA
Solution Disable ciphers suites which utilize SHA-1 message authentication and/or DH or DHE key exchanges.