• SSL/TLS Capabilities of Your Browser

    Getting mixed content warnings when visiting Qualys SSL Labs - Projects / SSL Client Test. Likely due to the http:// iframe src attribute used in the iframe buster. <iframe src="http://plaintext.ssllabs.com/plainte...
    Think Marketing
    last modified by Think Marketing
  • CertView Question - Does the Qualys Agent take inventory of the certificates?

    Does anyone know if CertView for Internal can track certificates on workstations that are running the Agent?  If the agent does this, is there a report for it as well?   Please let me know.   Thanks
    Rusty Qualyz
    last modified by Rusty Qualyz
  • Why the Grade is capped down to B from A+ when weak ciphers are removed?

    Initially, when tested with ssllabs, overall rating was given A+. Under Cipher suites it showed all the ciphers with CBC and TLS_RSA as weak. I know that these are considered weak. # TLS 1.2 (suites in server-preferre...
    Meshach M
    last modified by Meshach M
  • DoD Root CA 3 Not in trust store

    Why is SSLLabs failing on my site with this error:   DoD Root CA 3   Not in trust store. It's saying my server certificate is not trusted and our ISP is threatening to shut it down due to this status. ...
    Dan Wegrzyniak
    last modified by Dan Wegrzyniak
  • Qualys Cloud Suite Password Parameters and Defaults in Release 8.16

    Qualys Cloud Platform Release 8.16 includes New Password Security Options   We’ve added several new password security options to enforce a strong password policy when logging into your Qualys subscript...
    last modified by DMFezzaReed
  • How Can I Target Specific Redirected Servers

    We have multiple servers on the same i/p. They are accessed using port redirection. Can the SSL Labs Server Test be redirected at specific ports, thereby targeting specific servers? For eg. a LIve server may have an i...
    Rory wilson
    last modified by Rory wilson
  • Specifying both a domain & IP address to test?

    We have a few websites that are fronted by Akamai. Akamai provides a staging/test network to test changes to their configurations before rolling them out to their production network. They provide the test network by p...
    Bruce Pennypacker
    last modified by Bruce Pennypacker
  • problem about "zombie POODLE" and "OpenSSL 0-length"

    i am testing my SSL offload device with https://www.ssllabs.com/ssltest, and it reported that it had the issue of "zombie POODLE"、"OpenSSL 0-length". i test it many times, only a few try would report that is...
    xj li
    last modified by xj li
  • Trouble with intermediate certificate "Chain Issues: Incomplete"

    I am struggling with getting my intermediate certificate set up.  Everything is fine in ordinary web browsers.  But SSLLABS and Facebook both seem to have trouble with the intermediate.   SSL Server Te...
    Amanda Chaudhary
    last modified by Amanda Chaudhary
  • Is there a planned date in mind when TLSv1.3 will be required to achieve an A/A+ on your test site?

    I want to be prepared on my side to be sure I am ready whenever you start requiring TLSv1.3 for grading.
    Richard Reppert
    last modified by Richard Reppert
  • Green ciphers marked "Weak" ?

    https://www.ssllabs.com/ssltest/analyze.html?d=cambridge-water.co.uk  shows ciphers 0x9e and 0x9f (TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_DHE_RSA_WITH_AES_128_GCM_SHA25) in green, but marked "WEAK"; screen g...
    Andrew Aitchison
    last modified by Andrew Aitchison
  • Only "weak" ciphers but still grade "A"

    https://www.ssllabs.com/ssltest/analyze.html?d=www.lensfieldpractice.org shows a server with an '"A" rating but *all* cipher suites are marked "weak".   A grade "A" should require at least one cipher that is not...
    Andrew Aitchison
    last modified by Andrew Aitchison
  • CVE-2019-6593 mitigations besides disabling CBC

    Good morning folks,   Clearly disabling CBC ciphers is the recommendation I am reading when looking around for mitigations for the new variants. For some sites I am getting an F and the only way I have been able...
    last modified by mreavey
  • Update wording, TLS version in ssllabs

    The SSLlabs test wordings need a thorough review, to be accurate now that TLS1.3 is supported and included. For example, these 2 wordings are  clearly out of date:- ] The server supports only older protocols, ...
    Simon Iremonger
    last modified by Simon Iremonger
  • ROBOT/CVE-2017-6168 scan used at /ssltest same as the full suite?

    Does the scanner at https://www.ssllabs.com/ssltest/ use the same scan or script for ROBOT/CVE-2017-6168 as your modified robot-detect.py script referenced at https://qualys.secure.force.com/articles/How_To/000002963 ?
    Brad Davis
    last modified by Brad Davis
  • Security impact of "weak" cipher suites

    We are using Cloudflare and thus the SSL report gives us a rating of A+. However, it shows a number of cipher suites marked as "weak". The problem is that this is frowned upon by a German security certification that w...
    Richard Musiol
    last modified by Richard Musiol
  • Unable to access Qualys with Windows10

    Dear Colleagues, Please I'm sorry to interrupt you. The company where I'm working, has initiated the migration to Windows 10. The problem is that, using Win10, I can´t access to Qualys Guard. I deleted and r...
    Ale Dragone
    last modified by Ale Dragone
  • TLS Remediation

    How to disable port 443 for TLS 1.0 & 1.1, 3DES, Weak 64-bit ciphers (Sweet32) on Brocade SAN switch?
    Steven McNeill
    last modified by Steven McNeill
  • Chain Issues, Incorrect order contains anchor

    Sorry if this is posted to the wrong place   I'm migrating from TMG to Loadbalancer for reverse proxy and I'm a bit confused about why the same cert passes SSL Labs server scans for TMG reverse proxied sites but...
    Mark Haddon
    last modified by Mark Haddon
  •   Dashboard Toolbox - AssetView: SSL/TLS MGMT Dashboard (v1.0)

    This AssetView Dashboard will enable you to be more pro-active in your SSL/TLS MGMT from your Vulnerability mgmt Qualys Scans.Get a quick, easy glance to KPIs for SSL/TLS MGMT across different technologies.  Why ...
    Felix Jimenez
    last modified by Felix Jimenez