I'm trying to understand why my site is getting an F for the DROWN attack. See:
which shows my server susceptible. However, if I go to the linked test here:
it shows no other servers found matching this name. Doesn't that mean there is no other server running SSLv2 with my beiley.com certificate? I think the problem may somehow have to do with a different certificate being used on the email port of my server, but am not clear on this. On my SSLLabs test page, it shows:
which if you follow that link, shows information about a certificate for arvixe.com (not beiley.com) being available on port 110 for POP3. Arvixe is my hosting company, and their certificate is probably the one being made available for email. Is the SSLLabs test giving me an F because the traffic to my server on the POP3 port could be compromised? It seems the traffic on my HTTPS port is ok, since no other server is found running SSLv2 with my beiley.com certificate. Do I understand this correctly? The SSLLabs test only shows information on the beiley.com certificate in the certificate section, but I'm getting a DROWN failure because of a compromised arvixe.com certificate, which is only being used on the email port...? Just a little confused, and hoping someone can help clarify this?