AnsweredAssumed Answered

How about an F for servers showing Server 2003 or earlier?

Question asked by RayPesek on Sep 13, 2015
Latest reply on Sep 14, 2015 by RayPesek

Such as SSL Server Test: op-f.org (Powered by Qualys SSL Labs)

 

We recently found a vendor who was still running IIS 5 (Windows 2000) and they confirmed that. Since the version of IIS is inextricably linked to the Windows version it is definitive.

 

This may not be a viable check for Apache since Red Hat and CentOS still patch Apache outside of the Apache project. With OpenSSL 0.9.8 going EOL at the end of 2015 it could be included as well. But it would work for NGINX and others.

 

Yes, this is scope creep so it may not be a good fit. But it is kind of like having new steel doors on a condemned building.

Outcomes