Your problem is most likely that there's another server or service using
the same certificate which is vulnerable.
With DROWN, because the vulnerability is exposure of the private key,
ssllabs.com tries to find other places where TLS is enabled with the
same certificate. If it finds them, and SSLv2 is enabled on THOSE
services, then your service gets an F even if it's fine, because its
private key has potentially been compromised.
On 06/02/2016 11:37 AM, Karl Rossing wrote:
Thanks! Your suggestion worked. I was doing:
Disable SSLv2 SSLv3
Which didn't work.
Karl
On 2016-05-31 1:16 AM, Christian Hailer wrote:
Hi, yes, of course:
Disable SSLv2
Disable SSLv3
Regards, Christian
________________________________
From: Karl Rossing <[email protected]>
Sent: 30.05.2016 11:14 PM
To: [email protected]
Subject: [Pound Mailing List] Disabling SSLv2
We are currently seeing a score of F on ssllabs.com due to the Drown
vulnerability.
We were able to get an A previously.
We currently have:
Disable SSLv3
Ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM
EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384
EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL
!LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
Is there a way to disable SSLv2 with pound?
Thanks
Karl
CONFIDENTIALITY NOTICE: This communication (including all
attachments) is
confidential and is intended for the use of the named addressee(s)
only and
may contain information that is private, confidential, privileged, and
exempt from disclosure under law. All rights to privilege are expressly
claimed and reserved and are not waived. Any use, dissemination,
distribution, copying or disclosure of this message and any
attachments, in
whole or in part, by anyone other than the intended recipient(s) is
strictly
prohibited. If you have received this communication in error, please
notify
the sender immediately, delete this communication from all data storage
devices and destroy all hard copies.
--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.
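
The check described in the reply at the top of this thread, as an added example (not code from any poster, from Pound or from ssllabs.com): group services by certificate fingerprint and flag every service whose certificate is also presented by an SSLv2-enabled one. The service names, the `sslv2_enabled` flag (assumed to come from a separate protocol scanner) and the sample certificates are constructed.

```python
import hashlib
import ssl
from collections import defaultdict


def cert_fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes of a PEM certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def fetch_cert(host: str, port: int) -> str:
    """Fetch a live service's certificate as PEM (not used by the sample run)."""
    return ssl.get_server_certificate((host, port))


def drown_exposure(services):
    """services: iterable of (name, pem, sslv2_enabled).

    Returns {name: [SSLv2-enabled services presenting the same certificate]}
    for every service in a group that contains at least one SSLv2-enabled member.
    A service with SSLv2 disabled still appears if a sibling has it enabled.
    """
    by_cert = defaultdict(list)
    for name, pem, sslv2_enabled in services:
        by_cert[cert_fingerprint(pem)].append((name, sslv2_enabled))
    exposed = {}
    for group in by_cert.values():
        weak = sorted(name for name, sslv2_enabled in group if sslv2_enabled)
        if weak:
            for name, _ in group:
                exposed[name] = weak
    return exposed


def constructed_pem(der: bytes) -> str:
    """Wrap arbitrary bytes as PEM; stands in for a real certificate here."""
    return ssl.DER_cert_to_PEM_cert(der)


# Constructed inventory: the web front end has SSLv2 off, but a mail
# service presenting the same certificate still has it on.
SAMPLE = [
    ("www.example.test:443", constructed_pem(b"constructed-cert-A"), False),
    ("mail.example.test:465", constructed_pem(b"constructed-cert-A"), True),
    ("api.example.test:443", constructed_pem(b"constructed-cert-B"), False),
]

if __name__ == "__main__":
    for name, weak in sorted(drown_exposure(SAMPLE).items()):
        print(f"{name}: certificate also served with SSLv2 by {weak}")
```

Matching on the certificate fingerprint follows the wording of the reply; a different certificate issued for the same key pair would not be grouped by this check.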