
SSLV3 error

Question asked by Pierre Couderc on Dec 1, 2015

I get a strange:

"This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C."

on SSL Server Test: vpn.tol.fr (Powered by Qualys SSL Labs)

 

which is very strange, as to my knowledge SSL3 is not enabled on my SSL server:

 

server {
    # begin : https section
    listen 443;
    server_name vpn.tol.fr;

    root /var/www/guenyven;
    index index.html index.htm;

    # the general SSL parameters are included in:
    include /etc/nginx/pc_https.conf;

    ssl_certificate /etc/nginx/sites-available/vpn.tol.fr.comodo.crt;
    ssl_certificate_key /etc/nginx/sites-available/vpn.tol.fr.comodo.key;

    location / {
        try_files $uri $uri/ =404;
    }
}

 

 

with pc_https.conf:

 

ssl on;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/private/dhparam.pem;

 

 

Is it normal N

 

Pierre Couderc
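
A check related to the question above, as an added example that is not part of the original post: it lists every `server` block listening on 443 in a piece of nginx configuration and reports whether that block's `ssl_protocols` names SSLv3, excludes it, or is not set in the block at all. The second server block, the name `other.example` and the function names are constructed for illustration, and the include from the question is assumed to be inlined.

```python
import re

# Constructed sample: the question's block (include inlined) plus a hypothetical
# second block on the same port that sets no ssl_protocols of its own.
SAMPLE_CONF = """
server {
    listen 443;
    server_name vpn.tol.fr;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / { try_files $uri $uri/ =404; }
}
server {
    listen 443 default_server;
    server_name other.example;
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directive(body, name):
    """Return the arguments of the first uncommented `name ...;`, or None."""
    m = re.search(r"(?:^|[;{}])\s*" + re.escape(name) + r"\s+([^;]+);", body, re.M)
    return m.group(1).split() if m else None

def audit(conf):
    """For each block listening on 443: (server_name, is_default, SSLv3 status)."""
    findings = []
    for body in server_blocks(conf):
        listen = directive(body, "listen") or []
        if not any(a == "443" or a.endswith(":443") for a in listen):
            continue
        name = (directive(body, "server_name") or ["?"])[0]
        protos = directive(body, "ssl_protocols")
        status = ("inherits-default" if protos is None  # set elsewhere or built-in
                  else "sslv3-enabled" if "SSLv3" in protos else "sslv3-off")
        findings.append((name, "default_server" in listen, status))
    return findings

if __name__ == "__main__":
    for name, is_default, status in audit(SAMPLE_CONF):
        print(f"{name:20} default_server={is_default!s:5} {status}")
```

A block reported as `inherits-default` takes its protocol list from an enclosing level or from the nginx built-in default, so it has to be checked against the installed nginx version.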
