Hi Guys how are you.
The scan fails when I use it against our load balanced web sites.
Has anyone else seen this problem?
Talk to the vendor. I have manually verified that your current configuration accepts insecure renegotiation.
As in failing to scan, report, authenticate...
The scan runs and gets the following errors:
Assessment failed: Unexpected failure
The Unexpected Failure error is reported when something does not make sense. An operation that previously worked failed, for example. The problem is usually that the servers behind the LB are differently configured, making it impossible to provide a report that makes sense. There's no way around it, I am afraid. (Unless you can somehow expose the servers and test them individually.)
If I run it directly to the server it works fine. The Load Balancer has the correct certificate installed.
Since you mentioned cert, I thought of this
Please read and tell me if this applies to you.
It does. However the servers are configured exactly the same.
I'll be happy to have a look. Please send me the hostname of the LB as a private message. Thanks.
Thank you Ivan. It is :
Ivan how are you. Did you have a chance to look in to this?
Thanks for reminding me -- I missed your previous message.
The assessment failure is a result of a known problem (with SSL Labs), and a result of an obscure behaviour of your LB. I won't bother you with details because, ultimately, SSL Labs should handle it. I expect I should be able to fix it shortly.
No problem Ivan. Let me know if you need any additional info.
It's working now. Enjoy.
Thank you Ivan. Much appreciated.
Ivan how are you.
Ivan, I was wondering if this next issue is something you can help with, or do we need to address it with the Load Balancer vendor?
In our LB setup there are 2 options for SSL Offloading:
· Client-Fortigate-Server – Fortigate is the Load Balancer
If we select the Second option – your application grades www.insureon.com as B – but our application doesn’t work :)
If we select the First option – it grades us F with MTM attack vulnerability. – I think this is a false positive as a result of the LB being in the middle
What do you think?