SSL broken or CA?
Taken from https://www.owasp.org/index.php/Testing_for_SSL-TLS_(OWASP-CM-001)
The large number of available cipher suites and quick progress in cryptanalysis make judging an SSL server a non-trivial task. These criteria are widely recognised as a minimum checklist:
SSLv2, due to known weaknesses in protocol design
Export (EXP) level cipher suites in SSLv3
Cipher suites with symmetric encryption algorithm smaller than 128 bits
X.509 certificates with RSA or DSA key smaller than 1024 bits
X.509 certificates signed using MD5 hash, due to known collision attacks on this hash
TLS Renegotiation vulnerability[1]
While there are known collision attacks on MD5 and known cryptanalytic attacks on RC4, their specific usage in SSL and TLS doesn't allow these attacks to be practical, and SSLv3 or TLSv1 cipher suites using RC4 and MD5 with a key length of 128 bits are still considered sufficient[2].
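The checklist above applied to a scan result, as an added example that is not part of the original page or of the OWASP guide. The scan dictionary layout, the finding names and the OpenSSL-style suite names are assumptions of this sketch, and the sample data is constructed. RC4 and MD5 suites at 128 bits pass, as the paragraph above describes.

```python
# Added example; field names and OpenSSL-style suite names are assumptions.
SYMMETRIC_BITS = [  # checked in order; first matching token wins
    ("AES256", 256), ("AES128", 128), ("DES-CBC3", 168),
    ("RC4", 128), ("RC2", 128), ("DES-CBC", 56), ("NULL", 0),
]

def symmetric_bits(suite):
    """Return the symmetric key size in bits for a suite name, or None if unknown."""
    if suite.startswith("EXP"):  # export suites are cut down to 40 or 56 bits
        return 56 if suite.startswith("EXP1024") else 40
    for token, bits in SYMMETRIC_BITS:
        if token in suite:
            return bits
    return None  # unknown suite: report it rather than guess

def assess(scan):
    """Return a list of (check, detail) findings for one server's scan result."""
    findings = []
    if "SSLv2" in scan["protocols"]:
        findings.append(("sslv2", "SSLv2 enabled"))
    for suite in scan["ciphers"]:
        bits = symmetric_bits(suite)
        if suite.startswith("EXP"):
            findings.append(("export", suite))
        if bits is None:
            findings.append(("unknown-suite", suite))
        elif bits < 128:
            findings.append(("weak-cipher", f"{suite} ({bits} bit)"))
    key_type, key_bits = scan["cert_key"]
    if key_type in ("RSA", "DSA") and key_bits < 1024:
        findings.append(("weak-key", f"{key_type} {key_bits} bit"))
    if "md5" in scan["cert_signature"].lower():
        findings.append(("md5-signature", scan["cert_signature"]))
    if not scan["secure_renegotiation"]:
        findings.append(("renegotiation", "secure renegotiation not supported"))
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE = {
    "protocols": ["SSLv2", "SSLv3", "TLSv1"],
    "ciphers": ["EXP-RC4-MD5", "DES-CBC-SHA", "RC4-MD5", "DES-CBC3-SHA", "AES128-SHA"],
    "cert_key": ("RSA", 512),
    "cert_signature": "md5WithRSAEncryption",
    "secure_renegotiation": False,
}

if __name__ == "__main__":
    for check, detail in assess(SAMPLE):
        print(f"{check:15} {detail}")
```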
The following standards can be used as reference while assessing SSL servers:
NIST SP 800-52 recommends that U.S. federal systems use at least TLS 1.0 with cipher suites based on RSA or DSA key agreement with ephemeral Diffie-Hellman, 3DES or AES for confidentiality and SHA1 for integrity protection. NIST SP 800-52 specifically disallows non-FIPS compliant algorithms like RC4 and MD5. An exception is U.S. federal systems making connections to outside servers, where these algorithms can be used in SSL client mode.
PCI-DSS v1.2 in point 4.1 requires compliant parties to use "strong cryptography" without precisely defining key lengths and algorithms. The common interpretation, partially based on previous versions of the standard, is that ciphers with at least 128-bit keys, no export-strength algorithms and no SSLv2 should be used[3].
The SSL Server Rating Guide has been proposed to standardize SSL server assessment and is currently in draft version.
The SSL Server Database can be used to assess the configuration of publicly available SSL servers[4] based on the SSL Rating Guide[5].