The vulnerability scan of our website reported that we should disable certain SSL/TLS encryptions as they have vulnerabilities.
TLSv1.2: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLSv1.2: TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLSv1.2: 64-bit block cipher 3DES vulnerable to SWEET32 attack
Since Wix controls the SSL certificate, we would request the vulnerable ciphers to be disabled.
We are trying to disable SSL certificate. Can you please suggest a solution for the same?
@Ravi_Ranjan Hi Ravi! To be compliant with the HTTPS security protocol of the web, Wix does not disable SSL certificates.
You can find additional details regarding the security measures we take in our whitepaper here: https://www.wix.com/trust-center/security
We also run regular scans and audits with internal and external teams to ensure that Wix sites and user data remain secure.
If you haven’t already, you can reach out to Customer Care and they can get your ticket to the relevant department where they may be able to provide you with more specific information about your request.
Dear Team, this is Gaurav Chaddha (gaurav.chaddha@comprotechnologies.com). I did raise a support ticket yesterday in which I provided the screenshot of the scan. Can you please link this ticket with the incident that I raised yesterday?
For your reference the screenshot of the scan is attached here again,
I don’t think Ravi’s request was to disable SSL certificates and encryption in general. It is to ensure encrypted connections stop using two specific old cipher suites which are known to be vulnerable. (During the setup of the encrypted connection, the web host will offer a number of cipher suites, and the client picks the most secure that it is able to use.)
Wix servers offer a list of cipher suites which are mostly secure, just excepting those two.
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Both were discovered to be vulnerable to the SWEET32 attack in 2016, which is 8 years ago now.
It turns out that since Ravi’s request, there’s only one left; the Wix team must have removed one of the two insecure cipher suites for security reasons, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA.
But that leaves one last cipher suite with the SWEET32 vulnerability that also needs to be removed: TLS_RSA_WITH_3DES_EDE_CBC_SHA. Then Wix servers will only be offering secure cipher suites.
If Wix’s infosec team want to confirm, nmap rates these weak:
nmap --script ssl-enum-ciphers wix.com -p 443
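As an added example (not part of any post in this thread), the following Python parses output in the layout that the nmap ssl-enum-ciphers script prints and lists every offered suite built on a 64-bit block cipher, the condition SWEET32 depends on. It goes slightly beyond the thread by also matching DES, IDEA and RC2 suites; the sample scan text is constructed for illustration and is not a real scan of any host.

```python
import re

# Constructed sample in the layout printed by nmap's ssl-enum-ciphers script.
# Suites and grades are illustrative only, not a real scan result.
SAMPLE = """\
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|   TLSv1.3:
|     ciphers:
|       TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|_  least strength: C
"""

# "|   TLSv1.2:" starts a per-protocol section.
PROTO = re.compile(r"^\|[ _]+((?:SSLv|TLSv)[\d.]+):\s*$")
# "|       SUITE_NAME (key exchange) - GRADE" is one offered suite.
SUITE = re.compile(r"^\|[ _]+((?:TLS|SSL)_\w+)\s+(?:\([^)]*\)\s+)?-\s+([A-F]|unknown)\s*$")
# Suites whose bulk cipher has a 64-bit block (3DES, DES, IDEA, RC2).
BLOCK64 = re.compile(r"WITH_(3DES|DES40|DES|IDEA|RC2)_")


def sweet32_findings(nmap_text):
    """Return [(protocol, suite, grade)] for each offered 64-bit-block suite."""
    findings, proto = [], None
    for line in nmap_text.splitlines():
        m = PROTO.match(line)
        if m:
            proto = m.group(1)
            continue
        m = SUITE.match(line)
        if m and proto and BLOCK64.search(m.group(1)):
            findings.append((proto, m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    for proto, suite, grade in sweet32_findings(SAMPLE):
        print(f"{proto}: {suite} (nmap grade {grade}) uses a 64-bit block cipher")
```

An empty result on a fresh scan means no suite matching these 64-bit block cipher names is being offered any more.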