• Dashboards and Reporting Resources - Start Here

    Welcome to Dashboards and Reporting   Welcome to our Dashboards and Reporting space.  Here we will begin to collaboratively and constructively collect relevant legacy ...
    DMFezzaReed
    last modified by DMFezzaReed
  • Apache 2.2 site (no OCSP stapling) gets OCSP alert

    I'm intrigued as to why shows the "OCSP ERROR: Request failed with OCSP status: 6" alert together with "OCSP stapling = No". Another site, on the same server, using the same cert issuer, along with the same SSLCACert...
    gaia
    last modified by gaia
  • Weak StartCom CA SHA1 only for Path #1

    Hi,   I don't understand why I have two trusted paths and why the StartCom Certification Authority certificate of the Path #1 is weak (= SHA1) and what is the solution to solve this. Thanks in advance.   ...
    Gaspard d'Hautefeuille
    last modified by Gaspard d'Hautefeuille
  • Handshake simulation

    I have a question about the handshake simulation. I've sometimes seen that this lists a cipher that is somewhere at the bottom of the server's preferred order list despite there being a cipher "above" that the client ...
    Anand Bhat
    last modified by Anand Bhat
  • Qualys Cloud Platform 2.6 (CertView) API notification 1

    A new release of Qualys Cloud Platform 2.6 (CertView) includes an updated API which is targeted for release in June 2020. The specific day will differ depending on the platform. See platform release dates on the Qualy...
    Jeff Leggett
    last modified by Jeff Leggett
  • SSL Labs Known Issues & SSL Labs IP Source IP Addresses

    This page documents the known issues with the SSL Labs code running in production (i.e., www.ssllabs.com).   If your issue is listed as fixed in the latest development version, check it at: https://dev.ssllabs.c...
    Ivan Ristić
    last modified by Robert Dell'Immagine
  • Regarding RFC 7627 on Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension will become a mandatory TLS extension

    Does Qualys SSL Server test will make this "extended Master secret" TLS extension mandatory to get A+ grade?
    Sajeev S
    last modified by Sajeev S
  • SSL Pulse dashboard

    The SSL Pulse dashboard is a great way to track the progress of the top sites, but the ordering needs some improvement.   Please can you move "Protocol support" and "Best protocol support" to places 3 and 4...
    Tom Fox
    last modified by Tom Fox
  • Trouble with intermediate certificate "Chain Issues: Incomplete"

    I am struggling with getting my intermediate certificate set up.  Everything is fine in ordinary web browsers.  But SSLLABS and Facebook both seem to have trouble with the intermediate.   SSL Server Te...
    Amanda Chaudhary
    last modified by Amanda Chaudhary
  • API Gateway - Application API Docs (Swagger)

    Module Version API Gateway Documentation FIM 1 https://gateway.qg1.apps.qualys.com/apidocs/fim/v1   FIM 2 https://gateway.qg1.apps.qualys.com/apidocs/fim/v2 ITAM/AI 1 https://gateway.qg1.apps.qualys.com/apid...
    Laura Seletos
    last modified by Laura Seletos
  • Product Feature Requests

    What is a Feature Request? A Feature Request is any suggestion for an enhancement to Qualys software. Feature Requests are not a contractual obligation for Qualys to develop the suggestion or to develop the request as...
    DMFezzaReed
    last modified by DMFezzaReed
  • No TLS 1.2 should result in an F score

    Sites such as Team Knowhow  that don't support TLS 1.2 are completely inaccessible in latest Firefox and Chrome (without clicking on dire warnings and 'Advanced' buttons and such). Surely this should ra...
    Jon Ribbens
    last modified by Jon Ribbens
  • False Grade F via SSLLabs API

    Hi,   I run regularly scan of some selected sites using SSL Labs API. On the 5th of December, I've noticed that one of the sites has received the grade F by automated scan. When I ran the scan manually via SSL L...
    pessoft
    last modified by pessoft
  • TLS 1.0 enabled, TLS 1.1 disabled - "A" score

    I have a site that previously had an "A+" score but is now capped at "B" since TLS 1.0 / 1.1 are enabled.   I disabled TLS 1.1 since almost no clients use it, and now I get an "A" score - even though TLS 1....
    David Carlin
    last modified by David Carlin
  • F grade : Zombie POODLE, Golden DOODLE & 0-length with openssl 1.1.1

    I'm currently using stunnel with openssl 1.1.1 on a ubuntu 18.04.4, with only TLS 1.2 and I'm getting a F grade with ssllabs. I have both CMC and GCM cipher suites. Sometimes I get a A grade, sometimes a F. When I g...
    Maxime Roullier
    last modified by Maxime Roullier
  • Signer Certificate use and management

    I have a certificate database which consists of "Signer Certificates"  "Personal Certificates"  "Certificate Requests"   I have several signer certificates which are expired. Can I delete these expire...
    Carson Austin
    last modified by Carson Austin
  • Does Server Test report ESNI status? Will it in the future?

    Are there any plans for the SSL Labs - Server Test to report on whether the server supports Encrypted Server Name Indication (ESNI)?   If the Server Test already reports on this, can someone direct me to wh...
    Greg Williams
    last modified by Greg Williams
  • TLS 1.1 needed for certificate fetching?

    We have an F5 appliance (LTM 15) where we are tightening down security for the upcoming January 2020 changes: specifically disabling TLS 1.0 and 1.1, and enabling 1.3. TLS 1.2 is already enabled by default.   En...
    Anthony Loost
    last modified by Anthony Loost
  • Different ratings...same host

    2 hostnames which both resolve to the same IP address - 1 is an A record and 1 is a CNAME -- get 2 different ratings...one is an A and one is an A+. I have tried 'clearing cache' multiple times to no avail. Any sugges...
    Lauren Dunnevant
    last modified by Lauren Dunnevant
  • Questions about TLS 1.1 protocols showing on the SSL Report.

    My name is Michael Bashore and I am a support engineer for nCino here in Wilmington North Carolina. One of our organization ran the test and saw the 1.1 protocols and is concerned that they are being used and are a we...
    Michael Bashore
    last modified by Michael Bashore