Secure HyperText Transfer Protocol (S-HTTP) Detection

Medium Nessus Plugin ID 11720


The remote web server encrypts traffic using an obsolete protocol.


The remote web server accepts connections encrypted using Secure HyperText Transfer Protocol (S-HTTP), a cryptographic layer that was defined in 1999 by RFC 2660 and never widely implemented.


Rare or obsolete code is often poorly tested. Thus, it would be safer to disable support for S-HTTP and use HTTPS instead.

See Also

Plugin Details

Severity: Medium

ID: 11720

File Name: shttp_detect.nasl

Version: $Revision: 1.18 $

Type: remote

Published: 2003/06/11

Modified: 2017/06/12

Dependencies: 34474, 10582, 17975

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N