Great site to check SSL certs. Thanks! I ran this PowerShell on a Win 2012 R2 machine and went from C to A with a reboot:

https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12

On Thu, Nov 5, 2015 at 3:54 PM, Tom Rutter <[email protected]> wrote:

> Further to my original email it turns out my mate's site has been
> compromised twice in the last few months. They didn't take the ssllabs test
> seriously either from what I've heard and the score remains. I guess I will
> be testing every site I shop from now on.
>
> Cheers
>
> On Mon, Nov 2, 2015 at 2:24 PM, Tom Rutter <[email protected]> wrote:
>
>> Folks
>>
>> I noticed a mate's shopping site over the weekend returning the following
>> in the connection info for the certificate:
>>
>> *Your connection to www.somesite.com <http://www.somesite.com> is
>> encrypted using an obsolete cipher suite.*
>>
>> Did some googling, didn't understand much of it but landed on ssllabs.com
>> which runs a test on the site. It gave the site an F rating with the
>> following info
>>
>> - This server supports anonymous (insecure) suites (see below for
>>   details). Grade set to F.
>> - This server supports weak Diffie-Hellman (DH) key exchange parameters.
>>   Grade capped to B.
>> - This server accepts the RC4 cipher, which is weak. Grade capped to B.
>> - This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade
>>   attacks.
>>
>> Should my mate be concerned? The people who created and run his site I
>> assume don't know or do know and aren't concerned. Anybody here used
>> ssllabs before or an alternative and how much should you care about the
>> rating? Even the Microsoft store only gets a B with various warnings about
>> inconsistent server configurations.
>>
>> Cheers
