Hi - Just starting out with the product and did a basic pentest, and it reported as having a high CVE for exploit CVE-2015-8960.
This seems to indicate TLS 1.2 or below is enabled.
Has anyone else had this issue? And if so, how did you get around it?
Thanks again for reaching out about this. Anshuman shared the report with our security team, and they followed up with this info.
Vercel uses Mozilla’s TLS recommendations, enabling Vercel to leverage a secure and adaptable encryption framework, steering clear of specific scanner biases. These guidelines, developed through the consensus of a broad spectrum of security experts, ensure that Vercel’s practices are both comprehensive and current. This strategic choice allows us to make informed security decisions, perfectly balancing the need for compatibility with rigorous security standards. Vercel aligns its encryption protocols with Mozilla’s regularly updated recommendations, ensuring our services are safeguarded against the latest threats and adhere to the most recent cryptographic standards.
The broad industry endorsement of Mozilla’s guidelines ensures smooth integration and compatibility across services. By following these updated best practices, Vercel effectively manages risks and upholds compliance, reinforcing our dedication to delivering secure, reliable managed infrastructure solutions.
Referring to SSL Labs will provide evidence of safe cipher usage.
Please let us know if you have any other questions.