• Problems with renegotiation testing on SSL Labs reports

    SSL Labs server reports such as https ://www.ssllabs.com/ssltest/analyze.html?d=buy.itunes.apple.com (sorry, link brken to make the URL readable) have *two* links to more info about secure renegotiation at https://co...
    Andrew Aitchison
    last modified by Andrew Aitchison
  • Cipher Suite for have A+ score

    Hi, some years ago I set up my server with a good Cipher Suite that actually continue score A+ on SSL LABS but i see there are 4 weak configuration. I want remove this and replace with a good one but don't know what c...
    |Mark|
    last modified by |Mark|
  • SSL Certificate related vulnerabilities.

    SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: 38170 System: windows server 2012 Cert. used: wildcard from Symantec RESULTS: Certificate #0 CN=*.....com,OU=....,O=.....,L=...,C=... (*......com) ...
    Md. Imran Hosan
    last modified by Md. Imran Hosan
  • Why SSLLAB gives TLS 1.0 enabled when it is not?

    Hello all, I have two services with the same configuration running in Azure as an App Service. We recently changed the SSL configuration to use 1.1 as minimum version for TLS. After the change, when running the SSLLAB...
    Moisés García
    last modified by Moisés García
  • Dual ECDSA/RSA certs weird Safari results?

    Hello, when setting up an Apache server with with both an ECDSA cert and an RSA cert, I get puzzling results with SSL Labs when I add weak TLS_RSA_WITH_AES_128|256_CBC_SHA RSA based ciphers to the end of the list Saf...
    Valérie Martin
    last modified by Valérie Martin
  • Dashboards and Reporting Resources - Start Here

    Welcome to Dashboards and Reporting   Welcome to our Dashboards and Reporting space.  Here we will begin to collaboratively and constructively collect relevant legacy ...
    DMFezzaReed
    last modified by Felix Jimenez
  • DNSSEC

    Hi,    Recently i am with problems to do SSL TEST from you web. The message is "UNABLE TO RESOLVE DOMAIN NAME" but i test the DNS from other locations and works fine.   In trobleshooting, i have...
    david Peña
    last modified by david Peña
  • API Chain Issues

    Hello, I am using the API to extract a website's report in .json form using a Python script. I am then parsing through the json to create an output report with the most useful fields. However, I am a little confused ...
    Alan Conrad
    last modified by Alan Conrad
  • Inconsistent results scanning sites for Zombie Poodle / OpenSSL 0-Length

    2 sites ("A and B") behind a Netscaler VPX load balancer, different FQDN for each, two servers behind the load balancer for each (A1 and A2, B1 and B2).   Getting inconsistent results with one of the sites "B", ...
    Erik Ent
    last modified by Erik Ent
  • Meaning of EC Groups information

    While adapting my home-developed TLS server analysis tool to TLS1.3, and comparing it to ssllabs Free SSL Server Test, I found differences in the reporting of the EC and DHE supported groups/curves. My tool uses the ...
    Jesús Diego
    last modified by Jesús Diego
  • SSL/TLS Capabilities of Your Browser

    Getting mixed content warnings when visiting Qualys SSL Labs - Projects / SSL Client Test. Likely due to the http:// iframe src attribute used in the iframe buster. <iframe src="http://plaintext.ssllabs.com/plainte...
    Think Marketing
    last modified by Think Marketing
  • CertView Question - Does the Qualys Agent take inventory of the certificates?

    Does anyone know if CertView for Internal can track certificates on workstations that are running the Agent?  If the agent does this, is there a report for it as well?   Please let me know.   Thanks
    Rusty Qualyz
    last modified by Rusty Qualyz
  • DoD Root CA 3 Not in trust store

    Why is SSLLabs failing on my site with this error:   DoD Root CA 3   Not in trust store. It's saying my server certificate is not trusted and our ISP is threatening to shut it down due to this status. ...
    Dan Wegrzyniak
    last modified by Dan Wegrzyniak
  • Qualys Cloud Suite Password Parameters and Defaults in Release 8.16

    Qualys Cloud Platform Release 8.16 includes New Password Security Options   We’ve added several new password security options to enforce a strong password policy when logging into your Qualys subscript...
    DMFezzaReed
    last modified by DMFezzaReed
  • How Can I Target Specific Redirected Servers

    We have multiple servers on the same i/p. They are accessed using port redirection. Can the SSL Labs Server Test be redirected at specific ports, thereby targeting specific servers? For eg. a LIve server may have an i...
    Rory wilson
    last modified by Rory wilson
  • Specifying both a domain & IP address to test?

    We have a few websites that are fronted by Akamai. Akamai provides a staging/test network to test changes to their configurations before rolling them out to their production network. They provide the test network by p...
    Bruce Pennypacker
    last modified by Bruce Pennypacker
  • problem about "zombie POODLE" and "OpenSSL 0-length"

    i am testing my SSL offload device with https://www.ssllabs.com/ssltest, and it reported that it had the issue of "zombie POODLE"、"OpenSSL 0-length". i test it many times, only a few try would report that is...
    xj li
    last modified by xj li
  • Trouble with intermediate certificate "Chain Issues: Incomplete"

    I am struggling with getting my intermediate certificate set up.  Everything is fine in ordinary web browsers.  But SSLLABS and Facebook both seem to have trouble with the intermediate.   SSL Server Te...
    Amanda Chaudhary
    last modified by Amanda Chaudhary
  • Green ciphers marked "Weak" ?

    https://www.ssllabs.com/ssltest/analyze.html?d=cambridge-water.co.uk  shows ciphers 0x9e and 0x9f (TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_DHE_RSA_WITH_AES_128_GCM_SHA25) in green, but marked "WEAK"; screen g...
    Andrew Aitchison
    last modified by Andrew Aitchison
  • Only "weak" ciphers but still grade "A"

    https://www.ssllabs.com/ssltest/analyze.html?d=www.lensfieldpractice.org shows a server with an '"A" rating but *all* cipher suites are marked "weak".   A grade "A" should require at least one cipher that is not...
    Andrew Aitchison
    last modified by Andrew Aitchison