> On Jul 25, 2015, at 2:02 AM, Chris Buechler <[email protected]> wrote:
>
> On Fri, Jul 24, 2015 at 8:11 PM, Ryan Coleman <[email protected]> wrote:
>>
>>> On Jul 24, 2015, at 7:18 PM, Ted Byers <[email protected]> wrote:
>>>
>>> On Fri, Jul 24, 2015 at 6:29 PM, Chris Buechler <[email protected]> wrote:
>>>
>>>> On Fri, Jul 24, 2015 at 5:20 PM, Ted Byers <[email protected]> wrote:
>>>>> This is an external scan. We forward ports such as 443 and 22 to specific
>>>>> Ubuntu machines. But both sshd and apache have been configured to accept
>>>>> only TLS1.2
>>>>>
>>>>
>>>> In the case of forwarded ports it's the Ubuntu machines that are
>>>> triggering it. That has nothing to do with the firewall.
>>>
>>>
>>> In that case, then, the scan is wrong as all our Ubuntu machines are
>>> configured to use only TLS1.2
>>>
>>
>> I am curious as to what tool you were using.
>>
>
> Ditto.
>
> One easy way to check for publicly-reachable things is ssllabs.com.

I have an issue with Qualys: They ding my certification because I have domain.com on it and not www.domain.com (multi-site cert). That’s not a reason to lower a score on security.

— Ryan
