
Qualys VM vs SSL Labs, SSL Labs shows more info??

Discussion created by Jerbo on Sep 21, 2016
Latest reply on Oct 4, 2016 by shanmugammanian

Within Qualys VM I've made a full scan against one of our external websites (full scan on all TCP and UDP ports).

Next to that I did an SSL Labs scan of the same site, to see the SSL Labs score.

To my surprise SSL Labs is reporting things I do not see in the Qualys scan results (for instance things like forward secrecy, the use of DH prime numbers).

In my opinion all things found via SSL Labs should also be found via Qualys, as that is a more thorough scan than SSL Labs (I presume).

I raise this point because the issues found in SSL Labs are somehow vulnerabilities found on the website.

(And relying solely on the Qualys VM seems not to be enough.)
