AnsweredAssumed Answered

False postive F grades for zombie poodle?

Question asked by Ari Gold on Feb 27, 2020
Latest reply on Feb 28, 2020 by Ari Gold

Hi there,

 

We started receiving reports from customers of F grades when using the SSL Server Test and we can intermittently reproduce on our own site (https://www.ssllabs.com/ssltest/analyze.html?d=pantheon.io)

 

 

 

We reached out to our partner that provides TLS termination and they responded:

 

> Most likely this is a grade because of zombie poodle. Our TLS terminators run openssl-1.1.0 and openssl-1.1.1, and neither is vulnerable to zombie poodle.

 

Can you confirm that this is a false positive on your end or is there anything we can do (e.g. disable certain ciphers) to fix on our side?

 

Thanks,

 

Ari Gold

Product Manager

https://pantheon.ioHigh Performance Hosting & Agile WebOps Platform | Pantheon 

 

Outcomes