Can you check my site and tell me if i am missing any configuration etc?

MonsterMMORPG · November 24, 2018, 5:10pm

my domain is : https://www.pokemonpets.com/

when i check security tab of chrome it shows like below

Osiris · November 24, 2018, 5:15pm

You can check yourself at: https://www.ssllabs.com/ssltest/analyze.html?d=www.pokemonpets.com&hideResults=on

MonsterMMORPG · November 25, 2018, 10:49am

@Osiris ty very much for answer

I have tested and saw these

DNS CAA No ([more info](https://blog.qualys.com/ssllabs/2017/03/13/caa-mandated-by-cabrowser-forum))

How can i add DNS CAA when using letsencrypt?

Can i fix this when using letsencrypt?
RC4 **Yes** **INSECURE** ([more info](https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what))

Can i fix this when using letsencrypt?
Forward Secrecy **Weak key exchange WEAK**

Can i fix these when using letsencrypt?
waek2

MonsterMMORPG · November 25, 2018, 10:50am

@Osiris and also these

ty

_az · November 25, 2018, 10:54am

You may find the articles linked here very helpful for you: https://www.namecheap.com/support/knowledgebase/article.aspx/9594/69/hardening-ssltls-configuration-on-iis-85

Because IIS 8.5 is quite long in the tooth, you will need to tune it with the help of the above resource in order to score highly on SSL Labs.

But it may not be possible to get an A+ (and that’s okay).

Osiris · November 25, 2018, 10:54am

@MonsterMMORPG Yes, all those issues are SSL/TLS issues, but are not depending on the certificate. And only the certificate is Let’s Encrypt specific. All those other things, are webserver configuration matters.

A certificate is only al very small (albeit important ) part of the whole TLS setup. See for more info: https://en.wikipedia.org/wiki/Transport_Layer_Security

JuergenAuer · November 25, 2018, 11:40am

Hi @MonsterMMORPG

you have an IIS.8.5.

There exists one (old) tool to configure IIS without editing the Registry manual (it’s painful):

https://www.nartac.com/Products/IISCrypto

Disable all the old TLS_RSA - cipher suites.

MonsterMMORPG · November 25, 2018, 9:38pm

Ty very much for answers

@JuergenAuer and @Osiris and @_az

I suppose it doesnt worth the hassle right?

Currently it would work on every decent browser without any error or problem?

my aim is making https work on as much as possible browsers

i think grade not matters much? i have no security problem or issue

i will keep supporting http version too

system · December 25, 2018, 9:38pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.