• Dashboards and Reporting Resources - Start Here

    Welcome to Dashboards and Reporting   Welcome to our Dashboards and Reporting space.  Here we will begin to collaboratively and constructively collect relevant legacy ...
    last modified by DMFezzaReed
  • Key Exchange strength

    I'm trying to understand the grading scheme for Key Exchange strength. I'm currently getting a grade of 90%. My servers have both RSA/4096 and ECC/384 keys on them, using KxECDHE only.   The grading guide, ...
    Ken Schultz
    last modified by Ken Schultz
  • Regarding RFC 7627 on Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension will become a mandatory TLS extension

    Does Qualys SSL Server test will make this "extended Master secret" TLS extension mandatory to get A+ grade?
    Sajeev S
    last modified by Sajeev S
  • SSL tab test on my host showing "Unable to resolve domain name"

    dns dnsname   I am trying to test my service host name which is hosted in AWS. I always get "Unable to resolve domain name" error. I want to understand more and want to get some logs depicting which cname i...
    Sourabh Agarwal
    last modified by Sourabh Agarwal
  • SSL Server Test Bug

    Has anyone else noticed a bug with the SSL server test recently when completing a standard scan?   I have recently completed some regular SSL server scans and noticed on a couple of occasions that the scan which...
    Ricky Hartland
    last modified by Ricky Hartland
  • SSL Report Query

    I have run an SSL Report against a URL and it confirms that we have a certificate related to the URL but because we have multiple services behind a Port Forwarding setup it doesn't show which of the servers is showing...
    Brian Kent
    last modified by Brian Kent
  • Dashboard Toolbox - AssetView: SSL/TLS MGMT Dashboard (v1.0)

    This AssetView Dashboard will enable you to be more pro-active in your SSL/TLS MGMT from your Qualys Vulnerability Management scans. Get a quick, easy glance to KPIs for SSL/TLS MGMT across different technologies. ...
    Felix Jimenez
    last modified by DMFezzaReed
  • Deprecated SSH Cryptographic Settings

    We ran qualys security tool on servers and found "SSH Cryptographc Settings" vulnerability in the report. We followed steps given in below links, but still we are getting same  vulnerability message in the repor...
    kasim shaik
    last modified by kasim shaik
  • False Grade F via SSLLabs API

    Hi,   I run regularly scan of some selected sites using SSL Labs API. On the 5th of December, I've noticed that one of the sites has received the grade F by automated scan. When I ran the scan manually via SSL L...
    last modified by pessoft
  • Public methods available in Groovy Script for invocation on different objects

    av_tagging groovy
    last modified by DMFezzaReed
  • A+ score - but only weak ciphers available?

    Hi,   I'm struggling to understand how a website can score A+ although _only_ weak ciphers are available (Example). Would an A+ not create a false view on security in this case? Why does the marking of CBC ciph...
    last modified by jprueter
  • When did Qualys start reporting on IDEA ciphers?

    I am curious if others have seen an uptick in Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32) detection caused by 3DES but also for IDEA ciphers which suffer the same flaw. ...
    last modified by adamc
  • My Rate is F very poor, how to improve this

    My Rate is F very poor, how to improve this. How to improve my rate to A. Below is the summary of my website SSL Security.
    Mety Soriano
    last modified by Mety Soriano
  • Remove scan result from Google search results

    Hello, everybody. I would like to have some search results removed by Google. Is that possible? Because I have made the mistake of using https://www.dev.ssllabs.com/ instead of https://ww.ssllabs.com.   When I ...
    Luca Nussbaumen
    last modified by Luca Nussbaumen
  • SSL Server Test-Weak Ciphers

    Below is the CipherSuite which is configured on Apache-SSL.conf, When I am running SSL Server Test we are getting the result as we are using weak ciphers. Can someone please help how to disable the weak cipheres, ...
    Teja Mannava
    last modified by Teja Mannava
  • viewMyClient test serving insecure content

    The page @ Qualys SSL Labs - Projects / SSL Client Test    Gives an insecure warning, because on line #86 it uses:   <iframe src="http://plaintext.ssllabs.com/plaintext/frame.html" class="display-no...
    Ron K
    last modified by Ron K
  • API Gateway - Application API Docs (Swagger)

    Module Version API Gateway Documentation FIM 1 https://gateway.qg1.apps.qualys.com/apidocs/fim/v1   FIM 2 https://gateway.qg1.apps.qualys.com/apidocs/fim/v2 ITAM/AI 1 https://gateway.qg1.apps.qualys.com/apid...
    Laura Seletos
    last modified by Laura Seletos
  • Question about clearing entry

    Can Qualys clear an entry in the SSLLABS test? I added HSTS and I cannot get it to update its scan results. I made the same change to a number of other domains and it the refresh scan detected just fine. It won't upda...
    Robert Glus
    last modified by Robert Glus
  • Grade capped to "B" due to weak DH parameter

    Hi,   Ssltest reports "This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B". Certificate is backed by BigIP F5, which is limited to 1024 DH primes but is not subject to the ...
    Olivier BOËL
    last modified by Olivier BOËL
  • Cipher Suites to Grading Mapping

    Does SSLLabs provide a mapping on cipher suites with its corresponding grades? I'd like to get a list of cipher suites that SSLLabs tests for along with the grade SSLLabs would give that specific cipher suite.
    jim toby
    last modified by jim toby