• SSL Certificate related vulnerabilities.

    SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: 38170 System: windows server 2012 Cert. used: wildcard from Symantec RESULTS: Certificate #0 CN=*.....com,OU=....,O=.....,L=...,C=... (*......com) ...
    Md. Imran Hosan
    last modified by Md. Imran Hosan
  • DNSSEC

    Hi,    Recently i am with problems to do SSL TEST from you web. The message is "UNABLE TO RESOLVE DOMAIN NAME" but i test the DNS from other locations and works fine.   In trobleshooting, i have...
    david Peña
    last modified by david Peña
  • How to get >A on IIS (Windows 2016>)

    I have tried MULTIPLE ways of trying to get better than an A on an IIS site (windows 2016 or Windows 2019), but the best I can score is A. I have used the most current version of IISCrypto to manage the settings. Ho...
    Shane Rzip
    last modified by Shane Rzip
  • All Qualys-owned websites should score perfectly in the SSL Labs SSL Server Test to have an ideal case as a reference

    To set the example for others, I feel that both qualys.com and ssllabs.com should be improved so that they represent the ideal websites when scored by the SSL Server Test (Powered by Qualys SSL Lab...
    Kenneth Barber
    last modified by Kenneth Barber
  • Firefox, Safari, Edge and Chrome deprecated TLS 1.0 and TLS 1.1. Protocols will be removed from browsers beginnig of 2020.

    Yesterday, October 15th 2018, Microsoft [1], Mozilla [2], Apple [3] and Google [5] all at the same time announced deprecation of TLS 1.0 and TLS 1.1. This two protocols will be removed from browsers beginning of year ...
    j-mailor
    last modified by j-mailor
  • Running SSL Server test or equivalent for a smartphone app

    For the ordinary user (in other words, not an app developer), is there a way to run an SSL test on a smartphone app like the SSL server test at SSL Server Test (Powered by Qualys SSL Labs) or the BrowserChec...
    Bob Stromberg
    last modified by Bob Stromberg
  • TLS 1.3 now final

    fyr https://tools.ietf.org/html/rfc8446
    Rob_T
    last modified by Rob_T
  • Allow protocol choice on server check

    On the server SSL check, I would like to be able to specifcy "Check ipv4 servers" only, since the more servers that are checked, the longer the process takes.
    Douglas Foster
    created by Douglas Foster
  • SSL Server Test: Performing like a champ

    The saying is that nobody ever posts on a support forum when everything's fine. I will prove this saying wrong by taking the time to praise the SSL Server Test tool (I am not affiliated with Qualys in any way).  ...
    Laurent Poulain
    created by Laurent Poulain
  • TLS 1.2 for 2008 (non-R2)

    FYR   Update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2   https://support.microsoft.com/de-de/help/4019276/update-to-add-support-for-tls-1-1-and-tls-1-2-in-windows-server-2008-s &#...
    Rob_T
    last modified by Rob_T
  • [Feature Request] Other Ports than 443

    well in short I have some stuff I want to test over different ports than 443, because for example my router remote control panel lasts on another port than 443 and I want to see how secure (or not) it is and I have it...
    P J
    last modified by P J
  • New ssl scanning tool

    Hi! I've created some script in python to scanning several sites simultaneously. I'd like to share with you. I will be glad if it is useful for someone.   Features: 1. Scanning several sites simultaneously...
    Ildar Gafarov
    last modified by Ildar Gafarov
  • Feature Request - Support Geo Scan

    Hi,   This post is regarding the SSL Labs server test.   Today many sites are CDN based, hence the same site is distributed across many different local IPs around the world.   This may lead to a n...
    eitanc
    last modified by eitanc
  • SSL Labs API Update?

    Are there plans to update the SSL Labs API to include the updates from the recent version 1.30.5 (most notably ROBOT detection)?  If so is there a time frame for when these updates will go live or perhaps into be...
    roj4ck
    last modified by roj4ck
  • TLS 1.3: Cloudflare test for middleboxes - help testing

    On Twitter I have found an interesting article by Cloudflare employee Nick Sullivan Why TLS 1.3 isn't in browsers yet explaining why TLS 1.3 is still not implemented in the real world. To recap the reason are incompat...
    j-mailor
    last modified by j-mailor
  • PowerShell script for automated scans

    Hi All   After sorting SSL config at work, I put together a PowerShell script to automate future scans using the API.    You can currently find the script here: https://www.musingitoutloud.com/po...
    Damon Johnstone
    last modified by Damon Johnstone
  • HSTS header not being set by NGINX on error

    I am posting this here just to document this in the public space since some of the SSL Labs folks helped me with it offline and I wanted to make sure the information shared was publicly indexed.   I have a ...
    Eric Rosenberry
    last modified by Eric Rosenberry
  • Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11

    just for info https://technet.microsoft.com/library/security/4010323
    Rob_T
    created by Rob_T
  • Time to revisit DNSSEC & DANE/TLSA discussion?

    Time to revisit?   There has been discussion on checking DNSSEC and DANE/TLS.  Prior threads are at:   https://discussions.qualys.com/message/31145?commentID=31145#comment-31145  https://discuss...
    Curtis Villamizar
    last modified by Curtis Villamizar
  • ssl-pusle suggestions how to improve displayed results

    Hi, I have looked at ssl-pulse new data from https://www.trustworthyinternet.org/ssl-pulse/ which are based on ssllabs.com test.   I see very nice graphs, very beautifully presented, nice job.   To make it...
    j-mailor
    last modified by j-mailor