• Testing Android x vs. Chrome on Android x

    Seeing Android 7.0 reduced the list of available curves to just prime256v1 I wonder how to test a server for compatibility considering the current client list in SSL Labs. As I understand, „Android 7.0&ldqu...
    Matthias Wächter
    last modified by Matthias Wächter
  • SSL Test with wrong Android 4.4 config

    Hi! On your Android 4.4 page (Qualys SSL Labs - Projects / User Agent Capabilities: Android 4.4.2) you have configured the wrong cipher suites. According to <uses-sdk> | Android Developers  Android 4.4 is...
    André Glöckner
    last modified by André Glöckner
  • Remove scan result from Google search results

    Hello, everybody. I would like to have some search results removed by Google. Is that possible? Because I have made the mistake of using https://www.dev.ssllabs.com/ instead of https://ww.ssllabs.com.   When I ...
    Luca Nussbaumen
    last modified by Luca Nussbaumen
  • Chain issue: Contains anchor

    If the certificate chain presented by the server contains the root anchor, this is noted as a "issue" in the result.   It is my belief that this is actually NOT an issue according to RFC5246:   "Because ce...
    last modified by kju
  • Grade capped to "B" due to weak DH parameter

    Hi,   Ssltest reports "This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B". Certificate is backed by BigIP F5, which is limited to 1024 DH primes but is not subject to the ...
    Olivier BOËL
    last modified by Olivier BOËL
  • SSL Certificate related vulnerabilities.

    SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: 38170 System: windows server 2012 Cert. used: wildcard from Symantec RESULTS: Certificate #0 CN=*.....com,OU=....,O=.....,L=...,C=... (*......com) ...
    Md. Imran Hosan
    last modified by Md. Imran Hosan

    Hi,    Recently i am with problems to do SSL TEST from you web. The message is "UNABLE TO RESOLVE DOMAIN NAME" but i test the DNS from other locations and works fine.   In trobleshooting, i have...
    david Peña
    last modified by david Peña
  • How to get >A on IIS (Windows 2016>)

    I have tried MULTIPLE ways of trying to get better than an A on an IIS site (windows 2016 or Windows 2019), but the best I can score is A. I have used the most current version of IISCrypto to manage the settings. Ho...
    Shane Rzip
    last modified by Shane Rzip
  • All Qualys-owned websites should score perfectly in the SSL Labs SSL Server Test to have an ideal case as a reference

    To set the example for others, I feel that both qualys.com and ssllabs.com should be improved so that they represent the ideal websites when scored by the SSL Server Test (Powered by Qualys SSL Lab...
    Kenneth Barber
    last modified by Kenneth Barber
  • Firefox, Safari, Edge and Chrome deprecated TLS 1.0 and TLS 1.1. Protocols will be removed from browsers beginnig of 2020.

    Yesterday, October 15th 2018, Microsoft [1], Mozilla [2], Apple [3] and Google [5] all at the same time announced deprecation of TLS 1.0 and TLS 1.1. This two protocols will be removed from browsers beginning of year ...
    last modified by j-mailor
  • Running SSL Server test or equivalent for a smartphone app

    For the ordinary user (in other words, not an app developer), is there a way to run an SSL test on a smartphone app like the SSL server test at SSL Server Test (Powered by Qualys SSL Labs) or the BrowserChec...
    Bob Stromberg
    last modified by Bob Stromberg
  • TLS 1.3 now final

    fyr https://tools.ietf.org/html/rfc8446
    last modified by Rob_T
  • Allow protocol choice on server check

    On the server SSL check, I would like to be able to specifcy "Check ipv4 servers" only, since the more servers that are checked, the longer the process takes.
    Douglas Foster
    created by Douglas Foster
  • SSL Server Test: Performing like a champ

    The saying is that nobody ever posts on a support forum when everything's fine. I will prove this saying wrong by taking the time to praise the SSL Server Test tool (I am not affiliated with Qualys in any way).  ...
    Laurent Poulain
    created by Laurent Poulain
  • TLS 1.2 for 2008 (non-R2)

    FYR   Update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2   https://support.microsoft.com/de-de/help/4019276/update-to-add-support-for-tls-1-1-and-tls-1-2-in-windows-server-2008-s &#...
    last modified by Rob_T
  • [Feature Request] Other Ports than 443

    well in short I have some stuff I want to test over different ports than 443, because for example my router remote control panel lasts on another port than 443 and I want to see how secure (or not) it is and I have it...
    P J
    last modified by P J
  • New ssl scanning tool

    Hi! I've created some script in python to scanning several sites simultaneously. I'd like to share with you. I will be glad if it is useful for someone.   Features: 1. Scanning several sites simultaneously...
    Ildar Gafarov
    last modified by Ildar Gafarov
  • Feature Request - Support Geo Scan

    Hi,   This post is regarding the SSL Labs server test.   Today many sites are CDN based, hence the same site is distributed across many different local IPs around the world.   This may lead to a n...
    last modified by eitanc
  • SSL Labs API Update?

    Are there plans to update the SSL Labs API to include the updates from the recent version 1.30.5 (most notably ROBOT detection)?  If so is there a time frame for when these updates will go live or perhaps into be...
    last modified by roj4ck
  • TLS 1.3: Cloudflare test for middleboxes - help testing

    On Twitter I have found an interesting article by Cloudflare employee Nick Sullivan Why TLS 1.3 isn't in browsers yet explaining why TLS 1.3 is still not implemented in the real world. To recap the reason are incompat...
    last modified by j-mailor