AnsweredAssumed Answered

Why is my server still rated with T? I want B :)

Question asked by Thomas Barth on Jul 29, 2015
Latest reply on Jul 30, 2015 by Thomas Barth

Hello,

I m validation my server against ssllabs and trying to optimize my server to get better rating, but it keeps T. I thought I could get B. A is not possible because I m using self signed certificate with self signed CA. That's ok, because I only have a small number of closed user group that imports CA as trustworthy CA to get rid of warnings in browser and email-client.

Here I give you two screenshots of rating before and after possible optimazation.

 

stats2_t_rating_vorher.png

 

After upgrading to next stable Debian distribution, changing certificate with better signature and changing Apache2 SSL settings, the summary now is:

 

stats2_t_rating_nachher.png

To get rid of the weak DH key, I have to wait for next stable Debian release with Apache >= 2.4.8 and OpenSSL 1.0.2.

 

But why still T?

Outcomes