Domain SSL issues


#1

Can any one check my Domain Bigg Boss tamil season 2 SSL Working or not.


#2

Works for me.

biggbosstamilupdates.com www.biggbosstamilupdates.com
RSA 2048 bits
Valid from Sat, 05 May 2018 15:20:41 UTC
Valid until Fri, 03 Aug 2018 15:20:41 UTC (expires in 2 months and 5 days)|

You do, however, support weak Diffie-Hellman (DH) key exchange parameters
https://www.ssllabs.com/ssltest/analyze.html?d=biggbosstamilupdates.com


#3

Weak DH primes will cause trouble; as the prime key size is un-negotiated. If the client requires a higher size they will not connect. Any connection reattempt will produce the same failed connection.

So, if you must support DH/DHE, your config should NOT prefer them over ECDHE.

DHE is third on the list:
#1 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA)
#2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA)
#3 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 1024 bits

If any client connects that doesn’t support ciphers #1 nor #2 they are probably not going to connect via #3.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.