
Suggestion: Add FIPS-ready at Cipher Suites section

Question asked by j-mailor on Feb 14, 2014
Latest reply on Feb 17, 2014 by Ivan Ristić

Hi,

looking at https://www.ssllabs.com/ssltest/, in the Miscellaneous section I see the FIPS-ready metric, but no real info on how this can be improved if it is rated "No". If I understand correctly, the ssllabs test is intended to IMPROVE security, so it would be nice to have some quick info to make an improvement.

From reading the old post "FIPS-Ready checks": https://community.qualys.com/thread/9893, to pass FIPS-ready there should be no SSLv3 protocol enabled and some of the ciphers should not be enabled. But which ones? Maybe add some info in the "Cipher Suites" section like "FIPS-ready" or "No FIPS-ready" - you know, just the same logic as "FS" or "No FS" in "Handshake Simulation".

In my humble opinion, FIPS-ready should be taken into account when making a grade, like downgrading to A- if not FIPS-ready. You know, the government is saying some ciphers are not safe to use for communications within government, so why should they be safe to use for ordinary businesses (e.g. banking, insurance, etc.)?

Regards
