Qualys reports F for our SSL certs


#1

Hi,

After looking at the report, I think the reason why our qualys reports end up in F is because options-ssl-apache.conf is not read properly because it’s complaining that we are using SSLv3, etc… We have a proxy server in front of our apache, so ssl is served from 444. Is this the reason why? Do I have to do something in apache config file so that options-ssl-apache.conf is included. Sorry I don’t even know how to ask this question properly, my English is limited. Please let me know if you need clarification. Thanks in advance.

ps. Qualys reports says:

This server supports insecure cipher suites (see below for details). Grade set to F.
This server accepts RC4 cipher, but only with older protocols. Grade capped to B.


#2

You should disable SSLv3 on whichever server is connected from the Internet over port 443.
OR just disable SSLv3 on all systems; as that is a very outdated protocol.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.