Skip navigation
Log in to follow, share, and participate in this community. Not a member? Join Now!

Recent Activity

Frank Fiene
I copied my Webserver from a Ubuntu-16.04 setup to Ubuntu-18.04. Same certificates.   openssl s_client and other online ssl checkers are giving results, but ssllabs not. Error message is "Assessment failed: Failed to obtain certificate".   I want to check because one customer cannot connect. Maybe a Java problem, I need the results for… (Show more)
in SSL Labs
Michael Flynn
When running a SSL Test, the NO SNI option pulls up an expired old certificate that is no longer on the server. How is it reading a certificate that is no longer able to be read?
in SSL Labs
Manu p
I am testing a website is SSL labs and received below message. "This server does not support Authenticated encryption (AEAD) cipher suites. Grade capped to B." I am trying to enable AEAD ciphers on the server and all I can see is *_ECDHE_ECDSA_*_GCM_* ciphers or *_DHE_RSA_*_GCM_* ciphers. I do not see any *_ECDHE_RSA_*_GCM_* ciphers.  … (Show more)
in SSL Labs
Avamander S
It would be really nice if the SSL Server Test also took one brief look at if the destination server supports TCP Fast Open, I know it isn't strictly the scanners job to show that but HTTP version is displayed, why not go one layer lower. If TCP options are looked at then possibly detecting TCP_NODELAY and maybe even TCP_CORK/TCP_NOPUSH wouldn't… (Show more)
in SSL Labs
Phil Bug
It would be useful if SSL Server Test (Powered by Qualys SSL Labs)  test results showed whether TLSv1.3's "0RTT" mode is enabled.   More info: TLS 1.3 and 0-RTT in HAProxy - HAProxy Technologies 
in SSL Labs
Joseph Wagner
It would be very, very helpful, because configuring SSL on these services isn't documented nearly as well as the http servers.  It would provide great peace of mind.   I searched through the discussion archives.  This was requested over a year ago. Any words on the status of this?
in SSL Labs
Monal Valia
I noticed recently our site got down rated to an F by the SSLlabs test.    We have been at B+ at least up to Sept time frame and the we have now been down rated to F for the following Cipher:   TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1)    NMAP reports this as being vulnerable SWEET32 attack, I realize this attack is a few years old but… (Show more)
in SSL Labs
Jacob Hammond
Hello,   I'm running Apache 2.4 on a S3 instance with a PHP web application.   I'm attempting to track down an issue where after a scheduled Qualys scan, two Apache threads are stuck at 100% CPU utilization until terminated.   The processes, as they appear in top: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 6367 www-data 20 0 535924… (Show more)
in SSL Labs
Elvar Bodvarsson
I'm putting together a simple CLI tool that tests for cipher suites on a target service and when I compare my results with Qualys I'm getting a bit of a difference.   For example, this is for TLS1.2 against a random server that got a B rating that was listed on the page. TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA… (Show more)
in SSL Labs
David Larsen
We have a Cisco Firepower running IPS. When doing SSL Servertest without Decryption, the test works. When doing SSL Servertest while Firepower decrypts, the test fails with ": Assessment failed: Failed to obtain certificate"   There is a note on the error telling uou to check if there is an IPS device inserted, and there is. Does it mean that… (Show more)
in SSL Labs
Load more items