HTTPS connection depend on the underlying cryptopgraphic algorithms that are available to the web server. Also, the web server configuration decides which ciphers are exposed to the customer. Many sites are set up with default configurations. This can unintentionally enable weak encryption algorithms.
It is easier than you might think to check which ciphers are running on your web server. Even if the site is not on the Internet, you can check the HTTPS configuration with SSLScan and use the results to find weak ciphers. Check out these videos that will help you get started.
