I noticed 2 changes on SslLabs for a site I monitor after the SslLabs update for Logjam (or at least since the last couple of days):
- This site was rated A- before and is now F (!!!), since SslLabs now reports it as vulnerable to TLS POODLE, whilst it has been patched since 2014-12 and no configuration was changed. There is an article on the supplier's website about the TLS POODLE patch specific to the firmware version being used (yeah yeah, I know, it should be updated, but it's a fact of life, it's coming, including FS).
"Note: Testing tools for SSL/TLS may report false positives for BIG-IP 10.2.4 HF10 and 11.2.1 HF13 due to an issue being tracked in ID 500688. While these versions have been patched and contain the code fix for CVE-2014-8730, the bad_record_mac alert may not be returned during testing."
To make it even more interesting, there is a second site being hosted on the same host, running the same firmware and the same SSL profile, that is still being reported as A-, with no changes there. That really puzzles me.
Verifying that TLS POODLE result manually, the host indeed does not return that specific status code, but the result is consistent between the two hosts that have a different SslLabs rating; so I was wondering if perhaps SslLabs changed code specific to this test (or one of the libraries it uses) that might cause this?
- SslLabs reports that a weak SHA-1-based intermediate is being used, whilst only the root cert is still SHA-1?
Is this because the intermediate points to a root with a different fingerprint? Now that I come to think of it, this specific issue may have been reported for a little longer already, but not that long...
Below are some relevant screenshots (click on them for a readable version). And I can always share the host in a PM if more info is needed.
Could anyone please tell me how stupid I am, or whether this is a genuine SslLabs bug?
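One way to see what the scanner is looking at on the SHA-1 question is to inspect the chain the server actually sends rather than the chain you think is installed: a scanner reports a weak intermediate when any non-root certificate in the served chain carries a SHA-1 signature, and a common way that happens is a cross-signed copy of the intermediate, signed with SHA-1 by an older root, being served alongside or instead of the SHA-256 one. The script below is an added example, not code from the original post, from F5 or from Qualys. It builds a constructed chain locally with openssl (made-up names, an old SHA-1 self-signed root, an intermediate cross-signed by that root with SHA-1, and a SHA-256 leaf) so it runs offline; the helper names `chain_report`, `weak_intermediates` and `make_test_chain` are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post, F5 or Qualys): report, for each
# certificate in a PEM bundle, its subject, issuer, outer signature algorithm
# and whether it is self-signed (a root). Only SHA-1 signatures on non-root
# certificates matter; a root's self-signature is never verified by clients.
set -eu

# Print one line per certificate in a PEM bundle:
#   <n> <self-signed|chained> <signature algorithm> subject=... issuer=...
chain_report() {
    bundle=$1
    n=0
    tmp=$(mktemp)
    # split the bundle into single-cert files: <tmp>.1, <tmp>.2, ...
    awk -v p="$tmp" '/BEGIN CERT/{i++} i{print > (p "." i)}' "$bundle"
    for f in "$tmp".*; do
        n=$((n + 1))
        subj=$(openssl x509 -in "$f" -noout -subject | sed 's/^subject=//')
        iss=$(openssl x509 -in "$f" -noout -issuer | sed 's/^issuer=//')
        # first "Signature Algorithm" line in -text output names the algorithm
        alg=$(openssl x509 -in "$f" -noout -text | awk '/Signature Algorithm/{print $3; exit}')
        if [ "$subj" = "$iss" ]; then kind=self-signed; else kind=chained; fi
        printf '%s %s %s subject=%s issuer=%s\n' "$n" "$kind" "$alg" "$subj" "$iss"
    done
    rm -f "$tmp" "$tmp".*
}

# Count chained (non-root) certificates signed with SHA-1: this is what a
# scanner flags as a "weak intermediate", regardless of what the root uses.
weak_intermediates() {
    chain_report "$1" | awk '$2=="chained" && $3 ~ /^sha1/ {c++} END{print c+0}'
}

# --- constructed test chain (made-up names, generated locally) --------------
make_test_chain() {
    dir=$1
    ext="$dir/ca.ext"; printf 'basicConstraints=CA:TRUE\n' > "$ext"
    # old root: SHA-1 self-signed (harmless, clients trust roots by identity)
    openssl req -x509 -newkey rsa:2048 -nodes -sha1 -days 30 \
        -subj '/CN=Example Old Root' -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null
    # intermediate cross-signed by the old root with SHA-1: this is the problem cert
    openssl req -new -newkey rsa:2048 -nodes -subj '/CN=Example Intermediate' \
        -keyout "$dir/int.key" -out "$dir/int.csr" 2>/dev/null
    openssl x509 -req -sha1 -days 30 -in "$dir/int.csr" -CA "$dir/root.pem" \
        -CAkey "$dir/root.key" -CAcreateserial -extfile "$ext" -out "$dir/int.pem" 2>/dev/null
    # leaf signed by the intermediate with SHA-256
    openssl req -new -newkey rsa:2048 -nodes -subj '/CN=www.example.test' \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    openssl x509 -req -sha256 -days 30 -in "$dir/leaf.csr" -CA "$dir/int.pem" \
        -CAkey "$dir/int.key" -CAcreateserial -out "$dir/leaf.pem" 2>/dev/null
    # bundle in the order a server sends it: leaf, intermediate, root
    cat "$dir/leaf.pem" "$dir/int.pem" "$dir/root.pem" > "$dir/chain.pem"
    echo "$dir/chain.pem"
}

# To run against a live server instead, capture the served chain first:
#   openssl s_client -connect host:443 -servername host -showcerts </dev/null 2>/dev/null \
#     | sed -n '/BEGIN CERT/,/END CERT/p' > chain.pem && chain_report chain.pem
```

On the constructed chain, `chain_report` lists the leaf as chained with sha256WithRSAEncryption, the intermediate as chained with sha1WithRSAEncryption, and the root as self-signed with sha1WithRSAEncryption, and `weak_intermediates` returns 1: exactly the situation where the root being SHA-1 is irrelevant but the served intermediate is not. If a live capture from the two sites on the same BIG-IP differs in the second line, the SSL profiles are not serving the same chain even if they share the same configuration object.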