Hi, I've scanned my servers two days ago and have noticed the following:
When a Server ist vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224) it is rated to "F", thats OK.
But if the server supports only older protocols, but not the current best TLS 1.2 it is grade capped to B.
This don't make sence. Why should a server with an additonal problem should be upgrade from F to B?
PS: The server were updated, so I've annexed the screenshot insted of the server name or link.