Security7 min read

TLS and Certificate Misconfigurations Attackers Look For

TL;DR: Attackers check TLS posture first because it is free reconnaissance: expired or mismatched certificates, legacy protocol versions, missing HSTS, and broken chains are all visible from a single unauthenticated connection. Each one either enables interception and downgrade attacks outright or signals an unmaintained perimeter worth probing further.

Every HTTPS connection starts with your server showing its hand: the certificate it presents, the chain behind it, the protocol versions and cipher suites it will accept, and the security headers it sends back. Collecting all of that requires no credentials and triggers no alarms, because it is the same handshake every legitimate browser performs. That is why TLS posture is among the first things an attacker inspects, and why it belongs in any external scan.

Why do attackers care about your TLS configuration?

Three reasons. First, some TLS weaknesses are directly exploitable: a server that still accepts legacy protocol versions, or a site reachable without HSTS, exposes users to interception and downgrade from an on-path position. Second, certificates leak intelligence: subject alternative names enumerate the hostnames a certificate covers, and certificate transparency logs publicly broadcast every issued certificate, revealing staging and internal-facing subdomains the moment they get one. Third, TLS is a proxy signal for maintenance. An expired certificate or a broken chain tells an attacker that nobody is watching this perimeter closely, and that the rest of the stack is probably in similar shape. It is one slice of the broader reconnaissance covered in what an attacker can see on your website.

Which certificate problems matter most?

  • Expired certificates. The visible cost is a full-page browser warning and lost traffic. The hidden costs are worse: users learn to click through warnings, and machine-to-machine clients that hit the expiry either fail (an outage) or get "fixed" by disabling certificate verification, which quietly removes authentication forever.
  • Hostname mismatch. The certificate does not cover the name being served. It often appears on forgotten subdomains pointed at shared infrastructure, and it teaches the same warning-fatigue lesson as expiry while marking the host as unmaintained.
  • Self-signed or internal-CA certificates on public endpoints. To a visitor's browser, these are indistinguishable from an active man-in-the-middle. Any workflow that asks users to accept one is training them to accept a real attack.
  • Weak keys and deprecated signature algorithms. Certificates with short RSA keys or legacy SHA-1 signatures are rejected by modern clients and undermine the integrity the certificate exists to provide.

What goes wrong in the certificate chain?

Your server is supposed to present the leaf certificate plus every intermediate needed to reach a trusted root. When an intermediate is missing, some clients still connect, because a browser may have the intermediate cached or fetch it on the fly, while stricter clients fail. The result is the classic "works in my browser, fails from curl, mobile apps, and monitoring" bug. Wrong ordering, expired intermediates, and stale cross-signed chains produce the same intermittent breakage.

Chain issues deserve attention precisely because they are intermittent: the people most likely to hit them are API integrators, and the common workaround on their side is disabling verification. An external scan validates the chain exactly as your server serves it, not as a forgiving browser papers over it.

Which protocol versions should be off?

SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1 are all formally deprecated, TLS 1.0 and 1.1 by RFC 8996, and the older SSL versions have known practical attacks against them. The problem with leaving them enabled "for compatibility" is downgrade: an attacker in the network path can interfere with negotiation so that both sides settle on the weakest mutually supported version, then attack that.

The modern baseline is TLS 1.2 with a current cipher configuration, with TLS 1.3 preferred. TLS 1.3 removes entire classes of legacy risk by design: obsolete cipher suites, static RSA key exchange, and renegotiation are simply gone. Within TLS 1.2, legacy suites such as RC4 and 3DES should be disabled.

Why does missing HSTS matter so much?

Because the first request is the weak one. When a user types a bare domain, browsers may attempt plain HTTP before following your redirect to HTTPS. An attacker in the path can answer that first plaintext request themselves and keep the victim on HTTP indefinitely, a technique known as SSL stripping. A redirect chain that passes through an HTTP hop has the same flaw built in: one link in the chain silently drops encryption.

The Strict-Transport-Security header closes this: it instructs browsers to use HTTPS only for your domain for a set period, with includeSubDomains extending the guarantee and preload protecting even the first-ever visit. An outside scan flags both a missing HSTS header and any HTTPS-to-HTTP downgrade inside the redirect chain.

What DNS-side controls back your certificates?

Certificate trust starts with DNS, and DNS offers controls most sites never deploy. A CAA record restricts which certificate authorities may issue for your domain; without one, an attacker who can pass validation at any CA can obtain a valid certificate in your name. DNSSEC signs your zone against cache poisoning, and it is a prerequisite for DANE, which pins certificates in DNS and is mainly used to harden mail transport today. These records are readable from the outside like everything else, and they complement the email authentication records that live in the same zone.

What does each misconfiguration hand an attacker?

MisconfigurationWhat an attacker gainsThe fix
Expired certificateWarning-fatigued users, clients with verification disabledAutomate renewal and monitor expiry externally
Hostname mismatchA warning-wrapped foothold on forgotten subdomainsCover every served name, retire stale DNS entries
Incomplete chainIntermittent failures that push integrators to disable verificationServe the full chain, leaf plus intermediates, in order
Legacy protocols enabledDowngrade to weaker crypto from an on-path positionDisable everything below TLS 1.2
Missing HSTSSSL stripping on first contact, HTTP hops in redirectsSend Strict-Transport-Security with a long max-age, consider preload
No CAA recordCertificate issuance through any CA an attacker can gamePublish CAA limiting issuance to your chosen CAs

What does an outside TLS scan actually reveal?

An external scan performs the same handshake an attacker would and keeps the evidence: the certificate's subject, issuer, and validity window, the chain exactly as served, the protocol versions accepted, the security headers on the response including HSTS, and the full redirect chain with any HTTPS-to-HTTP downgrade flagged. OnScanner fingerprints TLS, DNS, and WAF posture together in every scan, live and never cached, so the findings describe your perimeter as it stands right now; the methodology page explains how each finding traces to the response that produced it. Certificate expiry in particular is a countdown, which makes scheduled monitoring the difference between a routine renewal ticket and a public outage.

TLS posture is also where automation earns its keep, since every check here is objective and continuously verifiable. The judgment-heavy work that follows, like chasing logic flaws behind authentication, is where manual penetration testing takes over from scanners.

Frequently asked questions

How do attackers find sites with weak TLS?

At scale and automatically. Internet-wide scanning is cheap, certificate transparency logs broadcast every issued certificate in near real time, and search engines for internet-connected devices index handshake details. An expired certificate or a legacy protocol version is a queryable attribute rather than something an attacker must discover by hand. Assume any TLS weakness on a public endpoint is already known to anyone who cares to look.

Is an expired certificate dangerous, or just embarrassing?

Both. The immediate failure is availability and trust: browsers block the page, and users learn to click through warnings, which makes a future real man-in-the-middle attack more likely to succeed. The quieter risk sits in machine-to-machine traffic, where teams respond to an expiry outage by disabling certificate verification in their clients and never turning it back on, silently removing TLS's authentication guarantee for good.

Do I need HSTS if I already redirect HTTP to HTTPS?

Yes. A redirect happens only after the browser has already sent a plaintext HTTP request, and that first request can be intercepted: an on-path attacker can answer it directly and keep the victim on HTTP indefinitely. HSTS tells the browser to skip HTTP entirely on future visits, and preloading extends the protection to the very first one. The redirect is a fallback; HSTS is the control.

See what a scan finds on your site

OnScanner runs live, never-cached security and privacy scans: OWASP Top 10, CVE intelligence with EPSS and KEV context, 40+ privacy checks, and monitoring, with a REST API and MCP server.