The Struggle is Real: Analyzing Ground Truth Data of TLS (Mis-)Configurations
This work addresses the problem of TLS misconfigurations for administrators, but it is incremental as it focuses on analyzing existing data without introducing new methods.
The study analyzed usage patterns of TLS configuration testing services over 2.5 months and found a relationship between the number of test runs and the resulting security quality of TLS configurations.
As of today, TLS is the most commonly used protocol to protect communication content. To provide good security, it is of central importance, that administrators know how to configure their services correctly. For this purpose, services like, e.g., Qualys SSL Server Test can be leveraged to test the correctness of a given web server configuration. We analyzed the utilization of this service over a period of 2.5 months and found two major usage-patterns. In addition, there is a relation between the number of test-runs and the resulting quality (i.e., security) of a TLS configuration.