• No grading on failed HPKP check

    I'm using the ssllabs api to monitor the gradings of our certificates via powershell, see below. But on sites that have a failed HPKP check i don't get a grading object back in the json, while if i check the same sit...
    ronald van den berg
    last modified by ronald van den berg
  • How to speed up the scanning process?

    Hello, I'm a Ph.D. student in U.S. I am using ssllabs-scan to download certificates of a bunch of domains.  Recently I found that around 20 mins are needed for scanning a single domain which is too slow for me....
    Zhiju Yang
    last modified by Zhiju Yang
  • Problems with renegotiation testing on SSL Labs reports

    SSL Labs server reports such as https ://www.ssllabs.com/ssltest/analyze.html?d=buy.itunes.apple.com (sorry, link brken to make the URL readable) have *two* links to more info about secure renegotiation at https://co...
    Andrew Aitchison
    last modified by Andrew Aitchison
  • Cipher Suite for have A+ score

    Hi, some years ago I set up my server with a good Cipher Suite that actually continue score A+ on SSL LABS but i see there are 4 weak configuration. I want remove this and replace with a good one but don't know what c...
    |Mark|
    last modified by |Mark|
  • SSL Certificate related vulnerabilities.

    SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: 38170 System: windows server 2012 Cert. used: wildcard from Symantec RESULTS: Certificate #0 CN=*.....com,OU=....,O=.....,L=...,C=... (*......com) ...
    Md. Imran Hosan
    last modified by Md. Imran Hosan
  • Why SSLLAB gives TLS 1.0 enabled when it is not?

    Hello all, I have two services with the same configuration running in Azure as an App Service. We recently changed the SSL configuration to use 1.1 as minimum version for TLS. After the change, when running the SSLLAB...
    Moisés García
    last modified by Moisés García
  • Dual ECDSA/RSA certs weird Safari results?

    Hello, when setting up an Apache server with with both an ECDSA cert and an RSA cert, I get puzzling results with SSL Labs when I add weak TLS_RSA_WITH_AES_128|256_CBC_SHA RSA based ciphers to the end of the list Saf...
    Valérie Martin
    last modified by Valérie Martin
  • Seeking workaround to restore bad grading on SSL

    I have a bad SSL report graded F and really need assistance. Below are summary results of what i gathered after the scan. ______________________________________________________________________________________________...
    Kedesh Pinia
    last modified by Kedesh Pinia
  • DNSSEC

    Hi,    Recently i am with problems to do SSL TEST from you web. The message is "UNABLE TO RESOLVE DOMAIN NAME" but i test the DNS from other locations and works fine.   In trobleshooting, i have...
    david Peña
    last modified by david Peña
  • API Chain Issues

    Hello, I am using the API to extract a website's report in .json form using a Python script. I am then parsing through the json to create an output report with the most useful fields. However, I am a little confused ...
    Alan Conrad
    last modified by Alan Conrad
  • Inconsistent results scanning sites for Zombie Poodle / OpenSSL 0-Length

    2 sites ("A and B") behind a Netscaler VPX load balancer, different FQDN for each, two servers behind the load balancer for each (A1 and A2, B1 and B2).   Getting inconsistent results with one of the sites "B", ...
    Erik Ent
    last modified by Erik Ent
  • Cipher Suite Server Preference Test & Stapling

    I am conducting research that involves identifying server preference and OCSP stapling.   1) May I ask what the algorithm for testing server preference is? It seems to identify preference when my own algorithm d...
    Wilson Nguyen
    last modified by Wilson Nguyen
  • Meaning of EC Groups information

    While adapting my home-developed TLS server analysis tool to TLS1.3, and comparing it to ssllabs Free SSL Server Test, I found differences in the reporting of the EC and DHE supported groups/curves. My tool uses the ...
    Jesús Diego
    last modified by Jesús Diego
  • SSL/TLS Capabilities of Your Browser

    Getting mixed content warnings when visiting Qualys SSL Labs - Projects / SSL Client Test. Likely due to the http:// iframe src attribute used in the iframe buster. <iframe src="http://plaintext.ssllabs.com/plainte...
    Think Marketing
    last modified by Think Marketing
  • CertView Question - Does the Qualys Agent take inventory of the certificates?

    Does anyone know if CertView for Internal can track certificates on workstations that are running the Agent?  If the agent does this, is there a report for it as well?   Please let me know.   Thanks
    Rusty Qualyz
    last modified by Rusty Qualyz
  • How can I enable the ciphersuites 0xcc13-0xcc15?

    Hi,   I am using apache 2.4.38 with openssl 1.1.1c on Debian 10. I want to enable secure ciphers only. For compatibility reasons (with android 5.0 and 6.0),however, I would like to enable the ciphersuites 0xcc...
    Aaron Schaal
    last modified by Aaron Schaal
  • Ciphers: Strong vs Weak

    Can anybody answer these questions, please:  Why Chrome identify a cipher negotiated with a web server as STRONG and SSL Lab test tool recognizes it as WEAK? Is there a strong definition of the "Strong Cipher S...
    Andrey Nikonov
    last modified by Andrey Nikonov
  • HSTS marked as No in SSL test?

    Hi,   I tested my domain with SslLabs test and you are marking to No the Strict Transport Security (HSTS) setting: https://www.ssllabs.com/ssltest/analyze.html?d=floren.ca&hideResults=on   However, th...
    Floren Munteanu
    last modified by Floren Munteanu
  • Why the Grade is capped down to B from A+ when weak ciphers are removed?

    Initially, when tested with ssllabs, overall rating was given A+. Under Cipher suites it showed all the ciphers with CBC and TLS_RSA as weak. I know that these are considered weak. # TLS 1.2 (suites in server-preferre...
    Meshach M
    last modified by Meshach M
  • DoD Root CA 3 Not in trust store

    Why is SSLLabs failing on my site with this error:   DoD Root CA 3   Not in trust store. It's saying my server certificate is not trusted and our ISP is threatening to shut it down due to this status. ...
    Dan Wegrzyniak
    last modified by Dan Wegrzyniak