when running a SSL test on concern.ir.rotterdam.nl an error is encountered:
Assessment failed: Ssl2HelloTest: Unexpected message type in response: 0
Is this because SSL2 is not available on the server?
And if so, why is the test than aborted?
No, the assessment of your server failed because its response to the SSLv2 hello test was unusual. Our code is designed to fail hard when it encounters something unknow, which forces us to keep it correct. I have pushed version 1.0.102 to the web site, and you should now be able to complete the assessment.
Thanks for your report!
Thanks for the reply.
The assessment could now indeed be completed.
I guess the Key Exchange fails because of the response to the SSLv2 hello test?
Can I ask what is unusual about the response?
If it is something we do, maybe we can correct it.
No, the Key Exchange score is zero because you have two anonymous cipher suites enabled. They are marked red. If you disable them in configuration, your score will be non-zero.
The SSLv2 hello test is fine, and there's no need to change anything on your end.