SSL/TLS configuration of swedish government agencies websites : Finding underlying factors affecting their security level

Abstract: The SSL/TLS protocols over HTTPs main tasks are to encrypt communication and provide verification to the user that the website is the one it is claiming to be. With an increase in egovernment and agencies using e-services where sensitive information can travel over the Internet the need for SSL/TLS has increased and will continue to increase. This study therefore aims to provide answers to how the Swedish agencies have configured their websites in terms of SSL/TLS and why they are at their current level of security in regards to SSL/TLS. A technical survey using the tool Qualys SSL Server Test was used in order to collect the configurations. Follow up interviews with a semi-structured qualitative approach was then used to answer the second research question of what factors affect why they had their current security level. 48,77% of agencies had some sort of implementation but the majority did not use SSL/TLS. The ten most common factors which affected agencies security levels was “Projects”, “Availability”, “Attitude towards security”, “Perceived sensitivity of data”, “Consultants”, “Resources”, “Knowledge of SSL”, “Security responsibility”, “Eservice”, and “Laws or other externa influence”.