SSL Labs says SSL is vulnerable, gives grade F


#1

Discussion on https://github.com/EasyEngine/easyengine/issues/729 to be continued here…


Server is vulnerable to the OpenSSL Padding Oracle vulnerability (CVE-2016-2107) and insecure


#2

Something doesn’t match.

My sites using EE+LE all have grade A+.


#3

@janiosarmento How do you get around this?

This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.


#4

I have never faced such a message. :-/


#5

I figured it out.

Source: https://github.com/EasyEngine/easyengine/issues/661

Thanks for the reply though, it’s much appreciated. I’m now showing an A grade on SSL Labs.


#6

I have tested the website on Qualys SSL Labs and got an F rating with the following error: This server is vulnerable to the OpenSSL Padding Oracle vulnerability (CVE-2016-2107) and insecure. Grade set to F.

I have updated OpenSSL to 1.0.2h and also restarted the Apache server, but I am still getting an F rating.


#7

@aankit_rathore – Did you adjust your configuration as per https://easyengine.io/tutorials/nginx/diffie-hellman-logjam-attack-fix/?

See: SSL Labs says SSL is vulnerable, gives grade F


#8

brianjking, I have updated these changes, but I am still getting an F rating.


#9

Have you restarted Nginx?

Please post your ssl.conf file so we can see if there are any issues. Usually it’s at /var/www/domain.com/conf/nginx/ssl.conf

It will really help if you post why it gives F, it usually highlights the issues right there in the report.


#10

Yes, I restarted my server.

I am using an Apache server, not Nginx.


#11

Apache? I thought EE supports only Nginx.


#12

@aankit_rathore

This support forum is for EE only. No Apache support. 🙂

I am closing this discussion for now. If you need any help from the community for EE or Nginx, feel free to create a new topic.

Thanks,

