AnsweredAssumed Answered

Remove outdated clients from SSL Server Test?

Question asked by Michael Schefczyk on Jan 31, 2015
Latest reply on Feb 3, 2015 by Michael Schefczyk

Dear All,


From my perspective, the SSL Server Test is a great tool for the public and a good marketing instrument for Qualys. To keep the test current and genuinely security focused, would very much like the test's maintainers to consider removing IE 6 / XP, IE 8 / XP and possibly Java 6u45 clients from the test. Keeping these outdated clients in the test could motivate test users to keep the required low-quality cipher suites on their servers. This should lead to a decline in overall security. Removing such clients would motivate more test users to disregard such outdated clients and as such remove perceived barriers against increasing security consistently. If the last remaining users of such outdated clients are excluded at more websites, it would motivate them to upgrade. All of these effects would point in the direction of increasing security, I think.




Michael Schefczyk