Approximately 77 per cent of SSL VPNs use the SSLv3 protocol, which dates back to 1996 and is now considered obsolete. Quite a few use SSLv2. Both protocols have various vulnerabilities and both are unsafe.

3. A similar 74 per cent of certificates have an insecure SHA-1 signature, while five per cent make use of even older MD5 technology. By 1 January 2017, the majority of web browsers plan to deprecate and stop accepting SHA-1 signed certificates, since the ageing technology is not strong enough to withstand potential attacks.

4. Around 41 per cent of SSL VPNs use insecure 1024-bit keys for their RSA certificates. The RSA certificate is used for authentication and encryption key exchange. RSA key lengths below 2048 bits are considered insecure because they open the door to attacks, some based on advances in code breaking and cryptanalysis.

5. One in 10 of SSL VPN servers that rely on OpenSSL (e.g. Fortinet) are still vulnerable to Heartbleed. The infamous Heartbleed vulnerability, discovered in April 2014, affected all products using or relying on OpenSSL, creating a straightforward way for hackers to extract sensitive data such as encryption keys and more from the memory of unpatched systems.

6. Only three per cent of scanned SSL VPNs are compliant with PCI DSS requirements, and none was found compliant with NIST guidelines. The credit card industry's PCI DSS requirements and NIST guidelines from the US set out baseline security standards for organisations handling credit card transactions or government data.
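To check your own SSL VPN gateway against the protocol, signature and key-length findings above, the following added example (not part of the original article) audits the text output of `openssl s_client` and `openssl x509 -noout -text`. The names `audit` and `FIELDS` are hypothetical, the sample reports are constructed, and the field layout is assumed to match current OpenSSL output.

```python
import re

# Thresholds from the findings above: SSLv2/SSLv3 are obsolete, MD5 and SHA-1
# signatures are insecure, and RSA keys below 2048 bits are insecure.
OBSOLETE_PROTOCOLS = {"SSLv2", "SSLv3"}
WEAK_HASHES = ("md5", "sha1")
MIN_RSA_BITS = 2048

# Assumed field layout of `openssl s_client` / `openssl x509 -noout -text`.
FIELDS = {
    "protocol": re.compile(r"^\s*Protocol\s*:\s*(\S+)", re.M),
    "signature": re.compile(r"^\s*Signature Algorithm:\s*(\S+)", re.M),
    "key_type": re.compile(r"Public Key Algorithm:\s*(\S+)"),
    "key_bits": re.compile(r"Public-Key:\s*\((\d+) bit\)"),
}

def audit(report):
    """Return a list of findings for one endpoint's openssl text output."""
    seen = {}
    for name, rx in FIELDS.items():
        m = rx.search(report)
        seen[name] = m.group(1) if m else None
    # A field that could not be read is reported, never treated as a pass.
    findings = [f"{name} not found" for name, v in seen.items() if v is None]
    if seen["protocol"] in OBSOLETE_PROTOCOLS:
        findings.append(f"obsolete protocol {seen['protocol']}")
    sig = (seen["signature"] or "").lower()
    if any(h in sig for h in WEAK_HASHES):
        findings.append(f"weak signature hash in {seen['signature']}")
    # The 2048-bit floor applies to RSA only; EC keys are far shorter by design.
    if seen["key_type"] == "rsaEncryption" and seen["key_bits"]:
        if int(seen["key_bits"]) < MIN_RSA_BITS:
            findings.append(f"RSA key of {seen['key_bits']} bits")
    return findings

# Constructed sample reports, not captured from real servers.
LEGACY = """\
    Protocol  : SSLv3
    Signature Algorithm: sha1WithRSAEncryption
        Public Key Algorithm: rsaEncryption
            Public-Key: (1024 bit)
"""
MODERN = LEGACY.replace("SSLv3", "TLSv1.2").replace("sha1", "sha256").replace(
    "1024", "2048")

if __name__ == "__main__":
    for label, report in (("legacy", LEGACY), ("modern", MODERN)):
        print(label, audit(report) or "no findings")
```

An empty list means none of the three weaknesses was detected; it says nothing about Heartbleed or PCI DSS/NIST compliance, which need their own checks.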