  • SSLHandshakeException: Failed to negotiate the use of secure renegotiation

    I am using Java 1.8.0_191 on my web server. I am writing code which will call an external web service which has the following details: Secure Renegotiation Not supported   ACTION NEEDED  Secure...
    Nikhil Patil
    created by Nikhil Patil
  • Is there a risk for "Secure Renegotiation: Not Supported"

    Hi,     Is there a risk/security vulnerability for "Secure Renegotiation: Not Supported"?     Thanks, Jack
    Jack son
    last modified by Jack son
  • Apache 2.2 site (no OCSP stapling) gets OCSP alert

    I'm intrigued as to why shows the "OCSP ERROR: Request failed with OCSP status: 6" alert together with "OCSP stapling = No". Another site, on the same server, using the same cert issuer, along with the same SSLCACert...
    last modified by gaia
  • Weak StartCom CA SHA1 only for Path #1

    Hi,   I don't understand why I have two trusted paths and why the StartCom Certification Authority certificate of the Path #1 is weak (= SHA1) and what is the solution to solve this. Thanks in advance.   ...
    Gaspard d'Hautefeuille
    last modified by Gaspard d'Hautefeuille
  • Handshake simulation

    I have a question about the handshake simulation. I've sometimes seen that this lists a cipher that is somewhere at the bottom of the server's preferred order list despite there being a cipher "above" that the client ...
    Anand Bhat
    last modified by Anand Bhat
  • Shall I know why TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 is being treated as weak?

    Shall I know why TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 is being treated as weak? When did it become weak? Thanks.
    Tianyi Shui
    last modified by Tianyi Shui
  • API Scan result is missing important objects

    I'm using the ssllabsscanner.py file here to perform the SSL Scan in PyCharm. It works and provides a response, but I am missing important objects mentioned in the documentation: https://github.com/ssllabs/ssllabs-sc...
    Canis Lobo
    last modified by Canis Lobo
  • Result strange when server uses dual EC plus RSA cert

    made an Issue Result strange when server uses dual EC plus RSA cert · Issue #797 · ssllabs/ssllabs-scan · GitHub    attached the complete scan result ...
    Max Mueller
    last modified by Max Mueller
  • SSL Labs Known Issues & SSL Labs IP Source IP Addresses

    This page documents the known issues with the SSL Labs code running in production (i.e., www.ssllabs.com).   If your issue is listed as fixed in the latest development version, check it at: https://dev.ssllabs.c...
    Ivan Ristić
    last modified by Robert Dell'Immagine
  • EFT Cipher suite not showing up in scan

    I am running EFT Enterprise by Globalscape on a 2016 Server OS. I get an A+ from the Qualys scan at this URL (https://exfer01.jp.ftitechnology.com) however for some reason the following two ciphers do not get picked u...
    Sean Wasta
    last modified by Sean Wasta
  • Cloudfront and Session resumption (caching) - No (IDs assigned but not accepted)

    Can get my reports on Cloudfront sites to level A. I think to get to A+ I need a way to solve this issue: Session resumption (caching) No (IDs assigned but not accepted)   Any ideas on how to crack that one?
    Greg Pagendam-Turner
    last modified by Greg Pagendam-Turner
  • Where are these properties in the API response?

    These properties are available in the UI when performing a scan at SSL Server Test (Powered by Qualys SSL Labs), but they don't seem to have corresponding properties in the API response:   Revocation Status...
    Canis Lobo
    last modified by Canis Lobo
  • Assessment failed: Directive already specified: max-age

    I keep getting this error message.  Any ideas on what the issue is?  Thanks in advance.
    S Close
    last modified by S Close
  • Regarding RFC 7627 on Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension will become a mandatory TLS extension

    Will the Qualys SSL Server test make this "extended Master secret" TLS extension mandatory to get an A+ grade?
    Sajeev S
    last modified by Sajeev S
  • how to disable TLS_RSA_WITH_AES in windows

    Hello, I'm trying to fix my Cipher suite validation on: SSL Server Test (Powered by Qualys SSL Labs)  the validation says that the following ciphers are weak: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   W...
    Bart Kock
    last modified by Bart Kock
  • Incorrect Certificate Date

    How can I get an incorrect certificate expiration date corrected?
    Jane Zychowicz
    last modified by Jane Zychowicz
  • SSLTest: Protocol Details: Session resumption (caching) in red color

    I have performed ssllabs.com ssltest for one of our servers. I got in red color "Session resumption (caching)". I would like to read more about this problem. Is there any info related to this topic. It would also be...
    last modified by j-mailor
  • API EndPoint missing Grade Field

    Since late March, we are having issues querying the API successfully.  If we manually run a site, it works.  If we use the API, the Grade field in the EndPoint is missing as per the documentation below. ...
    Greg Woodard
    last modified by Greg Woodard
  • SSL Labs Changelog

    Version 2.1.4 Released to production on 16th April 2020   Fixes GitHub: False positive on Windows IIS server for Zombie Poodle/ GOLDENDOODLE (#741, #778) First assessment through API gives the curre...
    Ivan Ristić
    last modified by Nayan Kakati
  • HSTS not recognized by SSL Labs scan when browsing through WAF

    I'm having a very weird issue. I have a WAF that sits in front of some portals (Citrix Netscalers) that my users use to gain access to their office computers and sits in front of some web servers (IIS and Apache)....
    Joe Gruppuso
    last modified by Joe Gruppuso