Re: [users@httpd] Help disabling weak ciphers.

2016-07-16 Thread Spork Schivago
I think I figured it out. I think I just had to scroll down a bit in Qualys SSL Labs. I see a list of browsers and with TLSv1.0 and TLSv1.1 disabled, I now see: "Server sent fatal alert: protocol_version". I believe they're the ones that don't support the protocols that I've disabled. I think

Re: [users@httpd] Help disabling weak ciphers.

2016-07-16 Thread Spork Schivago
I made the required changes but don't get the A+ rating, still A. Forward Secrecy is enabled, which is good. I don't actually see scores for the bar graph but I do see certain ones don't go to the 100%. One was the Protocol Support. However, if I disable TLSv1 and TLSv1.1, then Protocol

Re: [users@httpd] Help disabling weak ciphers.

2016-07-16 Thread Spork Schivago
Wow, thank you Dr. James Smith! I am going to try your cipher list and see if I can get the A+ rating. That's exactly what I'm after. Are there any other drawbacks besides losing support for Java 6 and IE 6 clients? I originally started writing my website to be IE 6 compatible but after

Re: [users@httpd] Help disabling weak ciphers.

2016-07-16 Thread Dr James Smith
I use:

    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

as the setting for ciphers - this gets an A+ rating on the Qualys SSL Labs scoring

[users@httpd] Help disabling weak ciphers.

2016-07-15 Thread Spork Schivago
Hello, I think I figured it out. I removed the DES-CBC3-SHA line from the SSL Cipher Suite list and now this is the output from nmap:

| Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature

[users@httpd] Help disabling weak ciphers.

2016-07-15 Thread Spork Schivago
Hello, I'm sorry if this is a simple question. I'm fairly new to running an Apache web server. I lease a virtual private server (VPS) from GoDaddy that's running CentOS 6.8 Final with cPanel / WHM v56.0.25. Apache is version 2.4.18 (Unix) with OpenSSL/1.0.1e-fips. I'm trying to disable