Log in to follow, share, and participate in this community. Not a member? Join Now! Servers that support TLS 1.3 and don't support any of the lower versions should not be downgraded to an "A" from an "A+". Today's expiration of the 20-year "USERTrust RSA Certification Authority" certificate has prompted me to notice that, although the SSL Report does note in the detail that a certificate in the chain has expired, this d... We had an A+ but was downgraded. I corrected the new issues found and used IIS Crypto to verify best practice settings. After making changes we are only at an A. The only two indicators the SSL Labs gives me are below... Hello! SSL Server Test: secure.simplepay.hu (Powered by Qualys SSL Labs) Could it be that Sectigo's cross-signed certificate causes this problem? Sectigo Knowledge Base Please advi... I am using java 1.8.0_191 on my web server, I am writing a code which will call external web service which has following details Secure Renegotiation Not supported ACTION NEEDED Secure... Guys, Just to let you know, there seems to be some discrepancy for the results from this website (SSL Server Test (Powered by Qualys SSL Labs). So I have a Cisco router with ssl vpn, and the results sa... Hello, Is there a way to specify an alternate IP for DNS resolution of a website before the SSL Server Test is run? For instance, our production website www.mywebsite.com is currently hosted behi... Hi, Is there a risk/security vulnerability for "Secure Renegotiation: Not Supported"? Thanks, Jack I'm intrigued as to why shows the "OCSP ERROR: Request failed with OCSP status: 6" alert together with "OCSP stapling = No". Another site, on the same server, using the same cert issuer, along with the same SSLCACert... Hi, I don't understand why I have two trusted paths and why the StartCom Certification Authority certificate of the Path #1 is weak (= SHA1) and what is the solution to solve this. Thanks in advance. ... I have a question about the handshake simulation. I've sometimes seen that this lists a cipher that is somewhere at the bottom of the server's preferred order list despite there being a cipher "above" that the client ... Shall I know why TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 being treated as weak? When did it become weak? Thanks. I'm using the ssllabsscanner.py file here to perform the SSL Scan in PyCharm. It works and provides a response, but I am missing important objects mentioned in the documentation: https://github.com/ssllabs/ssllabs-sc... made an Issue Result strange when server uses dual EC plus RSA cert · Issue #797 · ssllabs/ssllabs-scan · GitHub attached the complete scan result ... This page documents the known issues with the SSL Labs code running in production (i.e., www.ssllabs.com). If your issue is listed as fixed in the latest development version, check it at: https://dev.ssllabs.c... I am running EFT Enterprise by Globalscape on a 2016 Server OS. I get an A+ from the Qualys scan at this URL (https://exfer01.jp.ftitechnology.com) however for some reason the following two ciphers do not get picked u... Can get my reports on Cloudfront sites to level A. I think to get to A+ I need a way to solve this issue: Session resumption (caching) No (IDs assigned but not accepted) Any ideas on how to crack that one? These properties are available in the UI when performing a scan at SSL Server Test (Powered by Qualys SSL Labs), but they don't seem to have corresponding properties in the API response: Revocation Status... I keep getting this error message. Any ideas on what the issue is? Thanks in advance. Does Qualys SSL Server test will make this "extended Master secret" TLS extension mandatory to get A+ grade?