SSL test fails due to firewall rules on number of states per source IP

Discussion created by T M on Nov 18, 2016
Latest reply on Nov 24, 2016 by Ivan Ristić

Logging this more for reference rather than as a request, in case it can help others facing the same issue.

I was seeing my SSL tests fail at the 'Determining available cipher suites' step with an 'Assessment failed: Cipher suite support test failed' error. It took me a while to make the link with the server firewall configuration and the fact that it had a number of rate limits in place (maximum number of simultaneous states per source IP, etc). It looks like the SSL test is firing out a significant number of connections at the server in quick sequence, which in my case was the source of the problem.

I am not suggesting a change to the web SSL test tool, as I could solve the problem by adding a firewall rule for the Qualys IP address range, and it is probably not a widespread issue. One suggestion, though, would be to consider adding an option to the command line client to allow for the selection of a maximum connection rate for the tests (if that makes sense).
