The development of websites in Indonesia has increased due to the increase internet service users. Websites with user data have information vulnerabilities. Attacks on website can exploit web servers. The attack was carried out to discover usernames, passwords, and sensitive files. The SSL/TLS protocol is a security on the web for secure between clients and servers. This research was conducted to analyze SSL/TLS on the National Agency for Meteorology Climatology and Geophysics (BMKG) website user data for area X, which provides the public with weather and climate data and information. Tests were carried out using data packet tracing method with the Wireshark and the website scanning method in a vulnerability assessment with the Nessus. The tracing results show web server has verified SSL/TLS certificates and public key server using TLS 1.2 protocol to protect user data with encryption using the SHA256 hash algorithm. The vulnerability assessment shows overall risk level is medium. The vulnerability priority rating (VPR) score finding three SSL/TLS vulnerability that requires follow-up actions to reduce the risk of vulnerabilities. The results of tracing data packages and vulnerability assessments help identify weaknesses in website that determine steps in strengthening website security to protect against cyberattacks.