AnsweredAssumed Answered

SSL Server Test Suggestion

Question asked by deadbolt on Apr 10, 2014
Latest reply on Apr 10, 2014 by deadbolt

Perhaps this question has been answered or discussed elsewhere but I haven't seen a related posting so I am going to ask the obvious.  When a low SSL score is given it is almost always due to the selection and ordering of the cipher suites in the web server software.  Next to each failing cipher, a link to the relevant RFC or documentation is usually provided.  In order to save thousands of human hours (1000 sysadmins x 1hr reading docs / day on your site) why don't you just post the ssl_ciphers (nginx) or SSLCipherSuite

(apache) config line that is required to achieve an 'A' ranking?  It would save us all a lot of time and you could still post links to the original whitepapers for those admins with the time and inclination to read them (probably very few people).

 

Thanks for your great site and making the Internet a safer place.

Outcomes