New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
SSL Analyzer rates Comodo Postive SSL as "F" whereas free startcom SSL "B"
Well i was just researching up a bit,
and scrawled accross a site which most of us here should be familiar with,
https://www.ssllabs.com/ssltest/analyze.html
so i analyzed my $9 Postive SSL from comodo and it rated it "F" , well i reissued the certificate but still it shows "F".
Now i tested my free ssl's from StartCom and WoSign and guess what they were rated "B" and "C" 0_o ;
so does that mean the StartCom's or WoSign's SSL offers more secured SSL ? which are kind of immune to new vulnerabilities ?
am kind of confused, if anyone can help it would be great!
Comments
It explains the analysis in great detail, what rationale did it give you for the F?
Most likely you just installed it incorrectly, e.g. forgot to include some intermediate cert.
Can you post the link to ssllabs test?
Example https://www.ssllabs.com/ssltest/analyze.html?d=comxyz.com
http://prntscr.com/6rha4i
yeah sure.
It's
https://www.ssllabs.com/ssltest/analyze.html?d=rockbelthost.com
this will help you https://mozilla.github.io/server-side-tls/ssl-config-generator/
And generate new stronger DH >1024
Nothing wrong with the cert itself, all of that should be fixable via properly configuring your server. Try this: https://cipherli.st/
thanks! will try these.
but does that mean my server side is not secured?
Yes, it means your server side is currently not secure for SSL. After fixing the problems, it should be OK
okay thanks!
Using Comodo PositiveSSL, looking perfect here
https://www.ssllabs.com/ssltest/analyze.html?d=nexhost.net
It is the server configuration that gives you C or F grade, not the certificate itself.
I usually follow config from cipherli.st and receive grade A on any new SHA256 certificate.
That's not about the certification, that is about your server configuration.
This is two reasons why you are a F:
Not the server I would like to be hosted on :P if you own the server fix it, if not move :P
Well fixed the problem
thanks guys
for it this worked out :
well pretty easy i guess
I did check my PositiveSSL few seconds ago.
So, i think, the problem with your config.
I hope you plan on adding more than one SSL cipher to the list.
Did you follow the guide by @Raymii? We're at an A-, I want to bump it up now!
http://puu.sh/h7vc2/66c22e4af1.png
What for? No point adding anything besides AES, though I'd suggest switching to AES256 instead of AES128. I run my sites AES-only, because my servers tend to have hardware AES acceleration. I checked the list of failing clients at the SSL Labs test, and all of those fail not due to the cipher, but because of something else.
Cipherli.st also shares more compatible ciphers as well. Unlike @rm_ I intend a broader compatibility and thus use that list. Still got an A+ with Wosign certificates though.
No ssl just behind cloudflare
I think this thread title should be changed, as it's misleading.
My web also under cloudflare with full ssl activated, getting A+ rate.
yeah i have got A now so it's kk
Mozilla has a good guide that's constantly updated -- https://wiki.mozilla.org/Security/Server_Side_TLS
Seconding this. That's my go-to page for updating my cipher lists.
Strange... seems fishy
+1 meant to work on this a few weeks ago, had nothing production/of value on the server and a quick paste into cPanel resolved the issue that was driving me crazy as nothing seemed to get better on SSLTest except I would go from C to F then C with some casual reading. Now I'm A+ on all the tests.
Thanks for the recommendation