My rate is F, very poor. How to improve this? How to improve my rate to A?
Below is the summary of my website SSL Security.
You really did not give a lot. What is your web site? I assume it is public if SSL Labs hit the site. Typically I use this methodology. First, look at the certificate itself, which looks green above. So at the moment I would probably focus on what encryption protocols you have in use. These days I only use TLS 1.2 and higher if the web server supports it. If you only support TLS 1.2 and higher, then many issues such as weak ciphers for the lower protocols go away, and that can clear a lot of things out. Then it is just a rinse and repeat: try testing again.
If the site is public and you are comfortable, the community could evaluate the last scan you ran and review and maybe give more constructive suggestions.
David
The output from SSL Labs indicates what the issues are, and the SSL/TLS Deployment Best Practices is also helpful.
If the server gets a zero in the Protocol Support category, as your limited screenshot suggests, then the server is vulnerable to some known exploit. To correct this, you typically need to patch or upgrade your server software. Specifically, the web server and/or the SSL library.
As others have suggested, the SSL Labs Server Test report includes red warnings for any failing grade. These warnings, as in Robert's sample screenshot, contain links to blog posts. The blog posts typically have instructions on how to correct the issue.
If you have questions on how to resolve any one of the specific issues in a report, please ask.
Protocol Support is still 0 and the rate is still F; I almost followed the instructions available on the web. I am using the Apache 2.4.9 web server on Windows Server 2016.
If you are using Apache then you will need to have SSL enabled and loaded into memory with a certificate.
In my version of Apache, under sites-enabled, you should have a link to a file probably called default-ssl.conf.
Inside of that conf file I would specify the certificates and much of the SSL Configuration.
SSLEngine on - this will turn on the ssl engine in Apache
Then SSLProtocol -all +TLSv1.2 +TLSv1.3
This will disable all protocols then enable TLS 1.2 and higher.
You should review the Apache configuration separately, and you will probably need to make sure that mod_ssl is enabled in Apache as well.
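As an added illustration (not code from any poster in this thread, and not part of Apache), the Python sketch below works out which protocols each SSLProtocol line leaves enabled, so a configuration can be checked before re-running the SSL Labs test. The function names, the sample configuration and the modelled parsing rules ('+' adds, '-' removes, a bare token replaces the set, 'all' expands to what the build supports) are assumptions of this example.

```python
import re

# Protocol tokens mod_ssl 2.4 accepts, oldest first.
KNOWN = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}   # anything below TLS 1.2

def effective_protocols(args, supported=KNOWN):
    """Return (enabled, rejected) for the arguments of one SSLProtocol line.

    Assumed semantics: '+x' adds, '-x' removes, a bare token replaces the
    set, 'all' means every protocol in `supported`; a token the build does
    not know is rejected (httpd would refuse to start).
    """
    canon = {p.lower(): p for p in supported}
    enabled, rejected = set(), []
    for word in args.split():
        action = word[0] if word[0] in "+-" else ""
        name = word[len(action):].lower()
        if name == "all":
            group = set(supported)
        elif name in canon:
            group = {canon[name]}
        else:
            rejected.append(word)
            continue
        if action == "+":
            enabled |= group
        elif action == "-":
            enabled -= group
        else:
            enabled = set(group)
    return enabled, rejected

def audit(conf_text, supported=KNOWN):
    """List (line_no, enabled, legacy_enabled, rejected) per SSLProtocol line."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = re.match(r"\s*SSLProtocol\s+(.+?)\s*$", line, re.IGNORECASE)
        if m:
            enabled, rejected = effective_protocols(m.group(1), supported)
            findings.append((no, sorted(enabled), sorted(enabled & LEGACY), rejected))
    return findings

# Constructed sample configuration (not taken from the thread's server).
SAMPLE_CONF = """\
SSLEngine on
SSLProtocol all -SSLv3
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLProtocol -all +TLSv1.2 +TLS1.3
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

Passing a shorter `supported` list (for example `KNOWN[:4]`) models a build without TLS 1.3, where the `+TLSv1.3` token ends up in the rejected list.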
Please share the specific warnings that are shown with the failing grade. The warnings appear in red boxes under the letter grade.
SSL Server Test: shc.edu.ph (Powered by Qualys SSL Labs)
You need to install a newer version of the OpenSSL library that Apache HTTPD is using. OpenSSL version 1.0.2r or higher includes patches for those three vulnerabilities. How you do that will vary depending on how you originally installed Apache HTTPD on Windows.
Using Apache HTTP Server on Microsoft Windows - Apache HTTP Server Version 2.4
How do I upgrade to a new version? According to WampServer, WampServer 2.5 with Apache 2.4.9 is already bundled with OpenSSL. Huh! Headache! When I open httpd.conf, there is no specific line for OpenSSL.
No, you will not find a direct reference to the OpenSSL lib; that would have been part of the Apache build itself. You would find a file called mod_ssl.*; that should be the one to find. Now you can try downloading the latest version of Apache and do an install somewhere else and just do enough work to get the OpenSSL version. If that shows to be good, then you might be able to take the mod_ssl files from the new version and copy them over the others and restart. But that is a might.
David is correct. There is no Apache HTTPD config to change versions of OpenSSL.
If you want to stay with a single WAMP style install, then I recommend you look at the Bitnami WAMP stack, since the WampServer server is not responding to requests and may no longer be actively supported.
As of version 7.1.33, the Bitnami WAMP stack includes the latest version of OpenSSL 1.1.1d and is free of known vulnerabilities (at this time). I strongly recommend you put a policy in place to regularly upgrade your web server software stack to avoid these issues in the future. For example, OpenSSL was patched to protect against CVE-2014-0224 over five years ago.
It is great that you have taken an interest in improving the security of your web server. Running regular SSL Labs Server Tests is part of a good strategy to keep your servers secure, in my humble opinion.
To add to Mr. Shaw: I recommend you do automated assessments every month with SSL Labs or other tools like CertView in Qualys and a few others; depending on the number of sites, it may be easier to just set a calendar appointment for this vs. automation.