Https security question
Posted on 2006-05-15
I have run two separate scans on my web server, recommended that the all weak ciphers need to be disabled , i.e., a user now can connect using low 56 bit encryption browsers rather than the 128 bit required.
The other scanner suggested we use https instead of http, https provides 128 bit encryption. Currently users connect using http to get to the main website, then when customers logon to the secure sites, they are directed to https pages.
Both scanners found the same issue, my question is should users be able to connect at 56 bit to the home page or should we change to https on the home page.
I am offering 250 points.