AnsweredAssumed Answered

SSL Server Test ratings tied to SSL3?

Question asked by James W on Jan 23, 2017
Latest reply on Jan 26, 2017 by James W

I ran the SSL Server Test and was surprised to see that the tested site will receive a lower score under "Protocol Support" if the server lacks support for the inherently insecure SSL3 and SSL2 protocols.

 

For those of you who don't already know why SSL3 is vastly inferior to TLS:

 

SSL versus TLS: What is the difference?   

 

Disable SSLv3 

 

As such, it seems only logical and prudent that the SSL Server Test should be updated to remove checks for SSL2 or SSL3 in light of the insecurity of those protocols versus TLS.  In other words, sites tested should not be downgraded in the "Protocol Support" test for lacking SSL2 and/or SSL3 protocols.

 

Thank you.

Outcomes