AnsweredAssumed Answered

Should the SSL Client Test report Logjam Vulnerability with SSL3 disabled?

Question asked by Rich Painter on Jun 18, 2015
Latest reply on Nov 4, 2015 by Rob Moss

Using firefox browser 38.0.1 on win vista and setting the config param security.tls.version.min to 1 will disable SSL3 (and 2).

 

When I run your test Qualys SSL Labs - Projects / SSL Client Test

it reports the Logjam Vulnerability for SSL3.

 

If SSL3 is disabled then isn't this test incorrectly reporting?

 

Later in the report it does confirm SSL 2 and 3 are disabled.

 

thanks

oldunixguy

Outcomes