In this article:
Question
When reviewing findings of 'SSL/TLS Service Supports Weak Protocol' and clicking on 'Observations' there may be multiple observations from different IP addresses and/or domains.
Answer
When a wildcard certificate is used, the subdomains will be grouped under the apex domain and will show as different observations. The finding is still against one certificate.
- SNI is the exact (sub-)domain where the issue was observed.
- IP is an IP address to which the SNI resolved at the moment.
NOTE: It is Important to note that if there are multiple observations under a single finding, the individual observations even though might be fixed, the observations cannot be manually remediated. Even though the last observation date against those individual observations is greater than the decay period (45 days for most issue types), the whole finding's Last Observation Date is what matters. The Last Observation Date of the finding is taken from the newest "Last Observed At" date of the observations under that finding. Once the Last Observed Date against the finding itself is more than 45 days old, that is when the finding will be decayed.
Comments
0 comments
Please sign in to leave a comment.