• Question about clearing entry

    Can Qualys clear an entry in the SSLLABS test? I added HSTS and I cannot get it to update its scan results. I made the same change to a number of other domains and it the refresh scan detected just fine. It won't upda...
    Robert Glus
    last modified by Robert Glus
  • TLS 1.0/1.1 Grading Change Date

    As recently detailed in the changelog and the updated blog post, SSL Labs has moved the the grading change for TLS 1.0/1.1 to January. I assume this was to match what was believed to be Chrome's timeline regardin...
    Kerzyte .
    last modified by Kerzyte .
  • Cipher Suites to Grading Mapping

    Does SSLLabs provide a mapping on cipher suites with its corresponding grades? I'd like to get a list of cipher suites that SSLLabs tests for along with the grade SSLLabs would give that specific cipher suite.
    jim toby
    last modified by jim toby
  • Test shows TLS 1.1 enabled when it is not

    Here is what is set in my httpd.conf SSLProtocolDisable SSLv2 SSLv3 TLSv10 TLSv11 SSLProtocolEnable TLSv12 SSLCipherSpec ALL NONE SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 SSLCipherSpec TLSv12 TLS_E...
    Eddie Clement
    last modified by Eddie Clement
  • Does SSL Labs scan for BREACH?

    Hello, I was running SSL Labs scans against our web service and website. Does the scan detect BREACH vulnerability? If not, what could I use to detect this?   Thanks, Sam
    Sam Robertson
    last modified by Sam Robertson
  • Windows 2012R2 only weak ciphers listed / still A rating

    Hi,   When scanning a website hosted on Windows 2012R2 we get an A rating but when looking at the details only weak ciphers are llisted. I have used the nartac IISCrypto Utility and used the PCI 3.2 template ...
    Stephan van Hienen
    last modified by Stephan van Hienen
  • Signature Verification Failed Vulnerability - Sectigo CA "USERTrust ECC Certification Authority"

    Do the qualys scanners have the new Sectigo CA "USERTrust ECC Certification Authority"  in the trusted store? We are getting vulnerability from Qualys scan reports stating that it's unable to get&#...
    John Soares
    last modified by John Soares
  • Why is TLS_RSA_WITH_AES_128_GCM_SHA256 considered weak cipher

    I ran a test on a site and it showed TLS_RSA_WITH_AES_128_GCM_SHA256 is a weak cipher, but according to IBM Knowledge Center it shows to be a medium to high strength cipher.   Table 1. Medium and high strength TL...
    Eddie Clement
    last modified by Eddie Clement
  • Two SSL certificates appearing on scan results (https://www.ssllabs.com/ssltest/)

    What can I do to remove the second certificate? The unknown certificate is causing errors to some users. The URL is kimarineadventures.com. Thank you in advance.
    Querwin Guron
    last modified by Querwin Guron
  • Conditions of SSL Scanning TLS 1.0 /1.1 enabled

    I have an Azure service fabric environment with no applications (clean environment). I disabled TLS 1.0 / 1.1 in the  5 nodes of this cluster. But when I scan using the SSL Lab, it shows that TLS 1.0 / 1.1 is st...
    Catherine Li
    last modified by Catherine Li
  • No grading on failed HPKP check

    I'm using the ssllabs api to monitor the gradings of our certificates via powershell, see below. But on sites that have a failed HPKP check i don't get a grading object back in the json, while if i check the same sit...
    ronald van den berg
    last modified by ronald van den berg
  • How to speed up the scanning process?

    Hello, I'm a Ph.D. student in U.S. I am using ssllabs-scan to download certificates of a bunch of domains.  Recently I found that around 20 mins are needed for scanning a single domain which is too slow for me....
    Zhiju Yang
    last modified by Zhiju Yang
  • Problems with renegotiation testing on SSL Labs reports

    SSL Labs server reports such as https ://www.ssllabs.com/ssltest/analyze.html?d=buy.itunes.apple.com (sorry, link brken to make the URL readable) have *two* links to more info about secure renegotiation at https://co...
    Andrew Aitchison
    last modified by Andrew Aitchison
  • Cipher Suite for have A+ score

    Hi, some years ago I set up my server with a good Cipher Suite that actually continue score A+ on SSL LABS but i see there are 4 weak configuration. I want remove this and replace with a good one but don't know what c...
    last modified by |Mark|
  • Why SSLLAB gives TLS 1.0 enabled when it is not?

    Hello all, I have two services with the same configuration running in Azure as an App Service. We recently changed the SSL configuration to use 1.1 as minimum version for TLS. After the change, when running the SSLLAB...
    Moisés García
    last modified by Moisés García
  • Dual ECDSA/RSA certs weird Safari results?

    Hello, when setting up an Apache server with with both an ECDSA cert and an RSA cert, I get puzzling results with SSL Labs when I add weak TLS_RSA_WITH_AES_128|256_CBC_SHA RSA based ciphers to the end of the list Saf...
    Valérie Martin
    last modified by Valérie Martin
  • Seeking workaround to restore bad grading on SSL

    I have a bad SSL report graded F and really need assistance. Below are summary results of what i gathered after the scan. ______________________________________________________________________________________________...
    Kedesh Pinia
    last modified by Kedesh Pinia
  • API Chain Issues

    Hello, I am using the API to extract a website's report in .json form using a Python script. I am then parsing through the json to create an output report with the most useful fields. However, I am a little confused ...
    Alan Conrad
    last modified by Alan Conrad
  • Inconsistent results scanning sites for Zombie Poodle / OpenSSL 0-Length

    2 sites ("A and B") behind a Netscaler VPX load balancer, different FQDN for each, two servers behind the load balancer for each (A1 and A2, B1 and B2).   Getting inconsistent results with one of the sites "B", ...
    Erik Ent
    last modified by Erik Ent
  • Cipher Suite Server Preference Test & Stapling

    I am conducting research that involves identifying server preference and OCSP stapling.   1) May I ask what the algorithm for testing server preference is? It seems to identify preference when my own algorithm d...
    Wilson Nguyen
    last modified by Wilson Nguyen