Hello Michael, are there different Ciphers for your and other 5209R Servers?
Please check: https://www.ssllabs.com/ssltest/analyze.html?d=www.eloquia.com and https://www.ssllabs.com/ssltest/analyze.html?d=www.excite-werbeagentur.de both 5209R and both B-Rating Funny fact A 5208R (Scientific Linux 6.9) I get a A+ https://www.ssllabs.com/ssltest/analyze.html?d=www.blackpoint.de Can you please investigate a little bit further. Thank you and best regards Dirk --- blackpoint GmbH - Friedberger Straße 106b - 61118 Bad Vilbel -----Ursprüngliche Nachricht----- Von: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it] Im Auftrag von Michael Stauber Gesendet: Dienstag, 13. März 2018 16:07 An: email@example.com Betreff: [BlueOnyx:21835] Re: https://www.ssllabs.com/ssltest/analyze.html actual only B rating for blueonyx Server with ssl Hi Dirk, > blueonyx server with enabled SSL actually only get a B rating at > https://www.ssllabs.com/ssltest/analyze.html What the hell? I had checked it just a few days ago and we were getting a rock solid "A" with them. If so, then their evaluation criteria must just have changed or something else is amiss. Ah, wait. This is a 5209R with all updates and a LE cert: https://www.ssllabs.com/ssltest/analyze.html?d=5209r.smd.net&s=22.214.171.124 It still gets a solid "A". Yes, low on the priority list it uses ciphers recently identified as weak, because Microsoft fucked up their implementation: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256 TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK 256 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) WEAK 256 TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128 TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK 128 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) WEAK 128 But that doesn't affect the "A"-rating. > Reasons for that: > - Forward Secrecy is not enabled Forward Secrecy: Yes (with most browsers) ROBUST (more info) > - Certificate Transparency is not available I think that may be your problem and it's why you got the "B". As far as I recall you get that when the intermediate is missing. -- With best regards Michael Stauber _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx