AnsweredAssumed Answered

DROWN and Downgrade attack results unclear

Question asked by GJ Schouten on Jan 31, 2017
Latest reply on Feb 1, 2017 by GJ Schouten



I have two questions about the SSL Test. I tried running it on our domain ( and found 2 issues:


-DROWN says: "Unable to perform this test due to an internal error". I've been getting that for several days in a row. Is that because it tries to connect using an older version of SSL which I do not support? In that case, shouldn't it be marked as "Mitigated server-side"?
-Downgrade attack says: "Unknown (requires support for at least two protocols, excl. SSL2)", but since I only support TLS1.2, shouldn't it be marked as "Mitigated server-side"?


BTW Thanks a lot for your excellent test!