Qualys reports F for our SSL certs


After looking at the report, I think the reason why our qualys reports end up in F is because options-ssl-apache.conf is not read properly because it’s complaining that we are using SSLv3, etc… We have a proxy server in front of our apache, so ssl is served from 444. Is this the reason why? Do I have to do something in apache config file so that options-ssl-apache.conf is included. Sorry I don’t even know how to ask this question properly, my English is limited. Please let me know if you need clarification. Thanks in advance.

ps. Qualys reports says:

This server supports insecure cipher suites (see below for details). Grade set to F.
This server accepts RC4 cipher, but only with older protocols. Grade capped to B.

You should disable SSLv3 on whichever server is connected from the Internet over port 443.
OR just disable SSLv3 on all systems; as that is a very outdated protocol.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.