Folks, I noticed a mate's shopping site over the weekend returning the following in the connection info for the certificate:

*Your connection to www.somesite.com <http://www.somesite.com> is encrypted using an obsolete cipher suite.*

Did some googling, didn't understand much of it, but landed on ssllabs.com, which runs a test on the site. It gave the site an F rating with the following info:

- This server supports anonymous (insecure) suites (see below for details). Grade set to F.
- This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.
- This server accepts the RC4 cipher, which is weak. Grade capped to B.
- This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.

Should my mate be concerned? The people who created and run his site, I assume, either don't know, or do know and aren't concerned. Anybody here used ssllabs before, or an alternative, and how much should you care about the rating? Even the Microsoft store only gets a B with various warnings about inconsistent server configurations.

Cheers
