After looking at the report, I think the reason why our qualys reports end up in F is because options-ssl-apache.conf is not read properly because it’s complaining that we are using SSLv3, etc… We have a proxy server in front of our apache, so ssl is served from 444. Is this the reason why? Do I have to do something in apache config file so that options-ssl-apache.conf is included. Sorry I don’t even know how to ask this question properly, my English is limited. Please let me know if you need clarification. Thanks in advance.
ps. Qualys reports says:
This server supports insecure cipher suites (see below for details). Grade set to F.
This server accepts RC4 cipher, but only with older protocols. Grade capped to B.