• Downloadable viewMyClient results?

    We sometimes use viewMyClient in troubleshooting user problems. Is there (or could there be) a way of obtaining the test results that is less error-prone than telling the client to "send us the page" (which might resu...
    Ulrich Schwarz
    last modified by Ulrich Schwarz
  • My Rate is F very poor, how to improve this

    My Rate is F very poor, how to improve this. How to improve my rate to A. Below is the summary of my website SSL Security.
    Mety Soriano
    last modified by Mety Soriano
  • Remove scan result from Google search results

    Hello, everybody. I would like to have some search results removed by Google. Is that possible? Because I have made the mistake of using https://www.dev.ssllabs.com/ instead of https://ww.ssllabs.com.   When I ...
    Luca Nussbaumen
    last modified by Luca Nussbaumen
  • SSL Server Test-Weak Ciphers

    Below is the CipherSuite which is configured on Apache-SSL.conf, When I am running SSL Server Test we are getting the result as we are using weak ciphers. Can someone please help how to disable the weak cipheres, ...
    Teja Mannava
    last modified by Teja Mannava
  • Failed to obtain certificate - Cloudflare

    Hi,   I have a site protected with cloudflare which I am unable to scan with SSLLabs.  Scans have previously worked.   When I first scan I get a "Failed to obtain certificate" error.  I can clear...
    Ian Nice
    last modified by Ian Nice
  • TLS 1.0 support is falsely reported

    Hello!   SSL test says Protocols: "TLS 1.0  Yes"   SSL Server Test: system.paymentgateway.hu (Powered by Qualys SSL Labs)    I've tested with curl: `curl -vvv --http1.1 --tlsv1.0 http...
    Viktor Szépe
    last modified by Viktor Szépe
  • Chain issue: Contains anchor

    If the certificate chain presented by the server contains the root anchor, this is noted as a "issue" in the result.   It is my belief that this is actually NOT an issue according to RFC5246:   "Because ce...
    last modified by kju
  • TLS_RSA_WITH_AES_256_CBC_SHA comes to be weak cipher?

    Shall I know why SSL Labs start treating the below ciphers as weak cipher?   TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK  256 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK  128 TLS_...
    Tianyi Shui
    last modified by Tianyi Shui
  • This server's certificate chain is incomplete. Grade capped to B.

    Is "This server's certificate chain is incomplete. Grade capped to B." really still reflecting the situation today? I'm using a certificate from gandi without the intermediate certifcate on the server. None of the mod...
    last modified by binaryanomaly
  • viewMyClient test serving insecure content

    The page @ Qualys SSL Labs - Projects / SSL Client Test    Gives an insecure warning, because on line #86 it uses:   <iframe src="http://plaintext.ssllabs.com/plaintext/frame.html" class="display-no...
    Ron K
    last modified by Ron K
  • Question about clearing entry

    Can Qualys clear an entry in the SSLLABS test? I added HSTS and I cannot get it to update its scan results. I made the same change to a number of other domains and it the refresh scan detected just fine. It won't upda...
    Robert Glus
    last modified by Robert Glus
  • Grade capped to "B" due to weak DH parameter

    Hi,   Ssltest reports "This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B". Certificate is backed by BigIP F5, which is limited to 1024 DH primes but is not subject to the ...
    Olivier BOËL
    last modified by Olivier BOËL
  • TLS 1.0/1.1 Grading Change Date

    As recently detailed in the changelog and the updated blog post, SSL Labs has moved the the grading change for TLS 1.0/1.1 to January. I assume this was to match what was believed to be Chrome's timeline regardin...
    Kerzyte .
    last modified by Kerzyte .
  • Cipher Suites to Grading Mapping

    Does SSLLabs provide a mapping on cipher suites with its corresponding grades? I'd like to get a list of cipher suites that SSLLabs tests for along with the grade SSLLabs would give that specific cipher suite.
    jim toby
    last modified by jim toby
  • Test shows TLS 1.1 enabled when it is not

    Here is what is set in my httpd.conf SSLProtocolDisable SSLv2 SSLv3 TLSv10 TLSv11 SSLProtocolEnable TLSv12 SSLCipherSpec ALL NONE SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 SSLCipherSpec TLSv12 TLS_E...
    Eddie Clement
    last modified by Eddie Clement
  • Does SSL Labs scan for BREACH?

    Hello, I was running SSL Labs scans against our web service and website. Does the scan detect BREACH vulnerability? If not, what could I use to detect this?   Thanks, Sam
    Sam Robertson
    last modified by Sam Robertson
  • SSL Labs Changelog

    Version 1.36.2 Released to production on 11 October 2019   Updates Prepone grade change for supporting TLS1.0/1.1 to January 2020, Also changed in Summary messages   Version 1.36.1 Release to producti...
    Ivan Ristić
    last modified by Yash KS
  • SSL Labs: Read This First

    Bugs and Known Issues You'll find a record of known issues on this page. Please report new problems here. Please don't use the issue tracker to report suggestions about grading changes.   Commonly Requested Featu...
    Ivan Ristić
    last modified by Robert Dell'Immagine
  • Windows 2012R2 only weak ciphers listed / still A rating

    Hi,   When scanning a website hosted on Windows 2012R2 we get an A rating but when looking at the details only weak ciphers are llisted. I have used the nartac IISCrypto Utility and used the PCI 3.2 template ...
    Stephan van Hienen
    last modified by Stephan van Hienen
  • Signature Verification Failed Vulnerability - Sectigo CA "USERTrust ECC Certification Authority"

    Do the qualys scanners have the new Sectigo CA "USERTrust ECC Certification Authority"  in the trusted store? We are getting vulnerability from Qualys scan reports stating that it's unable to get&#...
    John Soares
    last modified by John Soares