AnsweredAssumed Answered

SSL Labs unable to test openssl s_server

Question asked by Jos Groot Lipman on Feb 7, 2015
Latest reply on Feb 8, 2015 by tlussnig

As many other people I am trying to achieve a high rating on SSL Labs.

I am testing with the openssl built in server using

     openssl s_server -accept 8043 -www -cert /path/to/my.crt -key /path/to.my.key

(external port 443 is forwarded to internal 8043)

 

When I connect (from the outside world) to the server using Internet Explorer or Firefox it works fine: it shows a large list of 44 supported ciphers (with -cipher 'ALL' I even get 56 supported ciphers)

 

When I test it with ssllabs however, it tries several protocols and ends with 'Assessment failed: No secure protocols supported'. This is strange as Internet Explorer and Firefox do not have a problem.

 

Background: I am testing this on a pfSense v2.2 machine which is based on FreeBSD 10.1-RELEASE-p4. OpenSSL version is 1.0.1k-freebsd 8 Jan 2015

 

Why cannot SSL Labs negotiate a protocol while IE en FF can?

Outcomes