No.
You may also try https://tls.imirhil.fr
--
+36204242498
Ezen a készüléken sok az elütés.
Elnézést!
On March 30, 2017 12:37:24 PM CEST, Alessandro Vesely <ves...@tana.it> wrote:
>Thank you Szépe, I tried that last week and it was bad enough to
>convince me to recompile the whole lot --something I had been
>procrastinating for a while. It is a Debian with OpenSSL 1.0.1t.
>
>Testing the new code, without TLS-specific settings, I got again logged
>on the /recent worst/ table as up2.tana.it (of course my certificate
>doesn't seem to be valid...), but the only serious error I saw is:
>
>SSL/TLS compression Yes INSECURE (more info)
>[(more
>info)->https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls]
>
>I note the TLS_COMPRESSION option has gone away. Are there other TLS
>options worth trying to remove compression?
>
>
>The other errors (red) and warnings (yellow), which I think I can
>safely ignore, are:
>E:IE 6 / XP No FS 1 No SNI 2 Server closed connection
>E:IE 8 / XP No FS 1 No SNI 2 Server sent fatal alert:
>handshake_failure
>W:Forward Secrecy With some browsers (more info)
>W:Session resumption (caching) No (IDs empty)
>W:HTTP status code Request failed
>
>Did you get better results?
>
>Ciao
>Ale
>--
>
>On Thu 23/Mar/2017 21:35:44 +0100 SZÉPE Viktor wrote:
>>
>> Hello Courier users!
>>
>> Up to now I was not aware that Qualys' SSL test could be used on
>other
>> ports than 443.
>> Here is how.
>>
>> 1) You spin up an hourly billed VPS (like UpCloud) Probably your 443
>
>> port is already used for production websites.
>>
>> 2) Enable IP forwarding
>>
>> echo 1 > cat /proc/sys/net/ipv4/ip_forward
>>
>> 3) Route all tcp/443 traffic to your Courier installation
>>
>> iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT
>> --to-destination ${COURIER_IP}:465
>>
>> iptables -t nat -A POSTROUTING -p tcp --dst ${COURIER_IP} --dport 465
>
>> -j SNAT --to-source ${TEMPORARY_VPS_IP}
>>
>> pre-4) Add an exception in Fail2ban for ${TEMPORARY_VPS_IP}
>>
>> 4) Enter the VPS' reverse host name
>>
>> https://www.ssllabs.com/ssltest/
>>
>> Of course there will be a CN mismatch but all the rest of Qualys'
>fine
>> report will show you all the details.
>>
>>
>> All the best!
>>
>>
>> SZÉPE Viktor
>> https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
>>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
