
RFE: Warn about near EOL & fail EOL server software

Question asked by Dave Garrett on Mar 5, 2015

The SSL Labs test detects the server software in use (with some legitimate uncertainty, I'm sure). Rather than merely warning about brokenness in its configuration, it would be really helpful when dealing with these maintainers to also point out that the entire installation is just ancient and bad. For example, I was checking an issue with a server running IIS 6. This runs on Windows Server 2003 or XP. Extended support lasts until July 14, 2015. I would much rather just tell them they have only a few months before Microsoft won't even give them any security fixes anymore and they have to upgrade.

I would like to request the test to look up EOL dates for the server software it detects and show them in the test results (a small table of dates wouldn't be too hard to compile). For servers within 6 months of EOL, a warning should appear up top to make it very clear that time is running out (orange problem level). For servers that are past EOL, a red box saying as much should be shown prominently and the server should get a flat 'F' for lack of security updates.
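The check requested above, sketched as an added example; it is not part of the original post and not SSL Labs code. The only EOL entry is the IIS 6 date quoted in the post, and the function names, the `Product/version` banner format and the calendar-month reading of "within 6 months" are assumptions.

```python
import calendar
import re
from datetime import date

# EOL table keyed by (product, version). The single entry is the IIS 6 date
# quoted in the post; a real table would have to be compiled per vendor.
EOL_DATES = {("microsoft-iis", "6.0"): date(2015, 7, 14)}
WARN_MONTHS = 6  # warning window from the post

def parse_banner(banner):
    """Split a Server header such as 'Microsoft-IIS/6.0' into (product, version)."""
    m = re.match(r"\s*([A-Za-z][\w.-]*)/(\d+(?:\.\d+)*)", banner or "")
    return (m.group(1).lower(), m.group(2)) if m else None

def shift_months(d, months):
    """Move a date by whole calendar months, clamping the day to the month length."""
    year, month0 = divmod(d.year * 12 + d.month - 1 + months, 12)
    day = min(d.day, calendar.monthrange(year, month0 + 1)[1])
    return date(year, month0 + 1, day)

def assess(banner, today, grade):
    """Return the EOL status, display level and resulting grade for one server."""
    key = parse_banner(banner)
    eol = EOL_DATES.get(key)
    if eol is None:
        # Banner missing, unparsable or not in the table: detection is
        # uncertain, so report nothing rather than guess.
        return {"status": "unknown", "level": None, "grade": grade, "eol": None}
    if today > eol:
        # Past EOL: red box and a flat F regardless of the configuration grade.
        return {"status": "eol", "level": "red", "grade": "F", "eol": eol}
    if today >= shift_months(eol, -WARN_MONTHS):
        # Inside the warning window: orange notice, grade left as computed.
        return {"status": "near-eol", "level": "orange", "grade": grade, "eol": eol}
    return {"status": "supported", "level": None, "grade": grade, "eol": eol}

if __name__ == "__main__":
    # Constructed inputs: the date of the post, and the day after the EOL date.
    for day in (date(2015, 3, 5), date(2015, 7, 15)):
        print(day, assess("Microsoft-IIS/6.0", day, "B"))
```

A missing or unrecognised `Server` header yields `unknown` rather than a failing grade, since the banner can be suppressed or altered by the operator.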
