I work for a company that has an SSL LABS rating of B. I did not configure the cert, but do you think this is problematic? It is a huge company with over 20K employees... do you think I should bring it up to their IT?
-Adam
Comments
No. They’ll already be aware and either do not care or have plans for remediation. A ‘B’ rating is better than a lot of large companies too, I know of plenty of larger organisations with C ratings on certificates.
A wild guess would be that the server doesn't support Forward Secrecy.
Anyway, as @Nekki says, a B rating isn't bad at all, and it's not so easy to obtain an A rating -- you really have to know how to configure the server well (and it also depends on the capabilities of the server).
It's very easy to correct the issues and upgrade from B to A+ rating.
No problem there
On your average little, simple web server, maybe. Corporate ones might have different, legacy needs.
We are talking about an HTTP server, right? In this case your comment is pointless, as there is no difference if your web server serves 20k or 16b people! No difference whatsoever, the drama is over!!!
Just to add that in my experience, a default installation of Apache on Ubuntu 18.04 with a LE certificate gives a B rating on ssllabs, so beyond this, you have to know what you're doing.
And, yes, legacy deployments may have other constraints.
No difference to the web server... but consider there's someone who's responsible, a created process in case said person(s) get run over by a bus, a development cycle including more than one person.
When it's just one person and a web server you don't have to think of these things.
You have added the above line, the legacy of having the right to edit configuration files, and if the company used cheap IT cowboys in the past then you are right, it's different!
No one stops the stages: develop/update --> test --> implement --> test again --> collect feedback (back to the first one).
But I don't think that's the definition of 'easy'
I think you misunderstood @Clouvider. "legacy" isn't about 20K or 16B people. It's about a few customers that are however important for the company and who for whatever weird reason need old ciphers, SSL2, etc. I have seen cases where e.g. some backwards government still had old regulations in place for some sectors.
Indeed.
No one is saying that it's so incredibly difficult, but unless the default installation of your web server already gives an A/A+ rating, you'll have to start modifying configuration files, in particular, the accepted ciphers and their precedence, in which case it's good to know what you're doing, not to mention that the stricter your web server becomes in this respect, the more browsers will be ruled out. On a legacy, production system, it may be acceptable to settle for a B or even C rating.
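The cipher list and precedence edits described above are where most B ratings come from (the missing forward secrecy guessed at earlier in the thread is the usual case). As an added example, not code from this thread or any poster, the script below expands an OpenSSL cipher string the way Apache's SSLCipherSuite value would be expanded, using only the local OpenSSL build and no network, and reports the suites that lack forward secrecy, any legacy primitives, and whether the first TLS 1.2 suite in precedence order gives forward secrecy. The sample cipher strings are constructed; grade caps are not reproduced.

```python
"""Offline audit of an OpenSSL cipher string such as Apache's SSLCipherSuite value.

Python's ssl module expands the string with the local OpenSSL build, so the
result is what that build would actually offer, in the server's preference order.
Grade caps are not reproduced; this only surfaces the findings a scanner reports.
"""
import ssl

# Key-exchange families that provide forward secrecy.  TLS 1.3 suites report
# "kx-any" because their key exchange is always ephemeral.
_FS_KEA = ("kx-ecdhe", "kx-dhe", "kx-any")
# Symmetric primitives (OpenSSL long names) that scanners flag as legacy.
_LEGACY = ("rc4", "des", "rc2", "idea", "seed")


def _has_fs(suite):
    """True when the suite's key exchange is ephemeral (forward secrecy)."""
    return (suite["kea"] or "").startswith(_FS_KEA)


def expand(cipher_string):
    """Return the suites OpenSSL selects for cipher_string, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def audit(cipher_string):
    """Summarise the forward-secrecy and legacy-cipher findings for cipher_string."""
    suites = expand(cipher_string)
    no_fs = [s["name"] for s in suites if not _has_fs(s)]
    legacy = [s["name"] for s in suites
              if s["strength_bits"] < 128
              or any(tag in (s["symmetric"] or "").lower() for tag in _LEGACY)]
    # Precedence: a client offering several matches gets the server's first one,
    # so the first pre-1.3 suite decides whether most TLS 1.2 clients get FS.
    tls12 = [s for s in suites if s["protocol"] != "TLSv1.3"]
    first_fs = bool(tls12) and _has_fs(tls12[0])
    return {
        "suite_count": len(suites),
        "no_forward_secrecy": no_fs,
        "legacy_ciphers": legacy,
        "first_tls12_suite_has_fs": first_fs,
    }


if __name__ == "__main__":
    # Constructed sample strings: a permissive legacy list beside a modern one.
    samples = {
        "permissive": "AES128-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256",
        "hardened": "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM",
    }
    for label, value in samples.items():
        print(label, audit(value))
```

Suites the local OpenSSL no longer builds (for example DES-CBC3-SHA on a hardened system) are silently dropped from the expansion, so an empty legacy list on your workstation does not prove the production server drops them too.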
Just to keep things in perspective:
@angstrom
MS knows that Internet Explorer is always waiting to haunt them, so to keep the beast calm it must enable legacy SSL options gasp
Your level of intelligence has decreased exponentially.
All things considered, MS is pretty good about backwards compatibility. :-)
Not A+? Scam. I want my money back!
LET should have F, not A. A is higher end.
I had also checked the rating for lowendtalk.com and was (pleasantly) surprised that it got an A. :-) (I had expected around a B.)
Yeah, but it’s not LET’s rating. It’s Cloudflare’s. One would need to run it against the origin, as Cloudflare is MITM here and you run a session with CF not with the actual server.
Ah, of course, I had forgotten about Cloudflare!
So it's anyone's guess how the actual server for lowendtalk.com is rated.
This. My employer works with every Global 500 (except our competitors) and a lot of business IT relationships are like a drowning swimmer's death embrace. You know how if you jump in after someone drowning they can take you down with them? Same thing on enterprise upgrades. You create these cool systems and customers integrate with them and build all these extensions on their side. You're happy because they're locked in hard to your systems. But then when you want to upgrade...you find you're locked into the same systems because customers have no incentive to want to change.
I still manage crap that isn't Y2K-compliant. There are systems out there that integrate over telnet or rsh. It was not that many years ago that we finally got rid of 9-track tape because some governments still use it...
In the consumer space, it's easier to get upgrades. Deep integrations between large organizations might as well be carved on tablets.
That test has some pretty strict stuff to get an A as I recall. Probably not necessary for most people. I wouldn't get too hung up on getting that gold star.
Oh sweet summer host. Enterprise is old and full of terrors.