AnsweredAssumed Answered

Inconsistent behavior from SSL Labs without SNI

Question asked by Brad Warren on Jan 31, 2020
Latest reply on Feb 14, 2020 by Yash KS

As described in https://github.com/ssllabs/ssllabs-scan/issues/690, if your server only supports a protocol like TLS 1.0 when not using SNI, the report generated from SSL Labs says that your server does support the protocol, however, https://github.com/ssllabs/ssllabs-scan/issues/690#issuecomment-490231155 says that it does not affect your grade and there is a tooltip which says that support was only observed with a client without SNI.

 

This is not the behavior I am seeing with SSLv3 though. The behavior I am seeing is that it is reported that your server supports SSLv3 which negatively affects your grade. Is there a reason for this behavior?

 

In case it's useful, I created a Dockerfile which sets up a server with this behavior. It can be found at https://gist.github.com/bmw/048511815860f63bfee8d2420ec119ca.

Outcomes