• TLS 1.1 needed for certificate fetching?

    We have an F5 appliance (LTM 15) where we are tightening down security for the upcoming January 2020 changes: specifically disabling TLS 1.0 and 1.1, and enabling 1.3. TLS 1.2 is already enabled by default.   En...
    Anthony Loost
    last modified by Anthony Loost
  • Different ratings...same host

    2 hostnames which both resolve to the same IP address - 1 is an A record and 1 is a CNAME -- get 2 different ratings...one is an A and one is an A+. I have tried 'clearing cache' multiple times to no avail. Any sugges...
    Lauren Dunnevant
    last modified by Lauren Dunnevant
  • Questions about TLS 1.1 protocols showing on the SSL Report.

    My name is Michael Bashore and I am a support engineer for nCino here in Wilmington North Carolina. One of our organization ran the test and saw the 1.1 protocols and is concerned that they are being used and are a we...
    Michael Bashore
    last modified by Michael Bashore
  • API Cert Expiration

    Is there a way to pull in certificate expiration date information, as well as specific issues with the domain you're checking?  I have a test domain, as an example, that is expired, and the certificate name doesn...
    Jerad Riggin
    created by Jerad Riggin
  • TLS Protocol Session Renegotiation Security Vulnerability

    Hello all,   I am having some issues trying to figure out what we need to do about this vulnerability that is showing up for printers...   There are patches and registry hacks to get it remediated for serv...
    Jung Choi
    created by Jung Choi
  • Key Exchange strength

    I'm trying to understand the grading scheme for Key Exchange strength. I'm currently getting a grade of 90%. My servers have both RSA/4096 and ECC/384 keys on them, using KxECDHE only.   The grading guide, ...
    Ken Schultz
    last modified by Ken Schultz
  • SSL tab test on my host showing "Unable to resolve domain name"

    dns dnsname   I am trying to test my service host name which is hosted in AWS. I always get "Unable to resolve domain name" error. I want to understand more and want to get some logs depicting which cname i...
    Sourabh Agarwal
    last modified by Sourabh Agarwal
  • SSL Server Test Bug

    Has anyone else noticed a bug with the SSL server test recently when completing a standard scan?   I have recently completed some regular SSL server scans and noticed on a couple of occasions that the scan which...
    Ricky Hartland
    last modified by Ricky Hartland
  • SSL Report Query

    I have run an SSL Report against a URL and it confirms that we have a certificate related to the URL but because we have multiple services behind a Port Forwarding setup it doesn't show which of the servers is showing...
    Brian Kent
    last modified by Brian Kent
  • Dashboard Toolbox - AssetView: SSL/TLS MGMT Dashboard (v1.0)

    This AssetView Dashboard will enable you to be more pro-active in your SSL/TLS MGMT from your Qualys Vulnerability Management scans. Get a quick, easy glance to KPIs for SSL/TLS MGMT across different technologies. ...
    Felix Jimenez
    last modified by DMFezzaReed
  • Deprecated SSH Cryptographic Settings

    We ran qualys security tool on servers and found "SSH Cryptographc Settings" vulnerability in the report. We followed steps given in below links, but still we are getting same  vulnerability message in the repor...
    kasim shaik
    last modified by kasim shaik
  • Public methods available in Groovy Script for invocation on different objects

    av_tagging groovy
    DMFezzaReed
    last modified by DMFezzaReed
  • A+ score - but only weak ciphers available?

    Hi,   I'm struggling to understand how a website can score A+ although _only_ weak ciphers are available (Example). Would an A+ not create a false view on security in this case? Why does the marking of CBC ciph...
    jprueter
    last modified by jprueter
  • When did Qualys start reporting on IDEA ciphers?

    I am curious if others have seen an uptick in Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32) detection caused by 3DES but also for IDEA ciphers which suffer the same flaw. ...
    adamc
    last modified by adamc
  • My Rate is F very poor, how to improve this

    My Rate is F very poor, how to improve this. How to improve my rate to A. Below is the summary of my website SSL Security.
    Mety Soriano
    last modified by Mety Soriano
  • Remove scan result from Google search results

    Hello, everybody. I would like to have some search results removed by Google. Is that possible? Because I have made the mistake of using https://www.dev.ssllabs.com/ instead of https://ww.ssllabs.com.   When I ...
    Luca Nussbaumen
    last modified by Luca Nussbaumen
  • SSL Server Test-Weak Ciphers

    Below is the CipherSuite which is configured on Apache-SSL.conf, When I am running SSL Server Test we are getting the result as we are using weak ciphers. Can someone please help how to disable the weak cipheres, ...
    Teja Mannava
    last modified by Teja Mannava
  • viewMyClient test serving insecure content

    The page @ Qualys SSL Labs - Projects / SSL Client Test    Gives an insecure warning, because on line #86 it uses:   <iframe src="http://plaintext.ssllabs.com/plaintext/frame.html" class="display-no...
    Ron K
    last modified by Ron K
  • Question about clearing entry

    Can Qualys clear an entry in the SSLLABS test? I added HSTS and I cannot get it to update its scan results. I made the same change to a number of other domains and it the refresh scan detected just fine. It won't upda...
    Robert Glus
    last modified by Robert Glus
  • Grade capped to "B" due to weak DH parameter

    Hi,   Ssltest reports "This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B". Certificate is backed by BigIP F5, which is limited to 1024 DH primes but is not subject to the ...
    Olivier BOËL
    last modified by Olivier BOËL