Discussion on https://github.com/EasyEngine/easyengine/issues/729 to be continued here…
Server is vulnerable to the OpenSSL Padding Oracle vulnerability (CVE-2016-2107) and insecure
Something doesn’t match.
My sites using EE+LE all have grade A+.
@janiosarmento How do you get around this?
This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.
I never had faced such message. :-/
I figured it out.
Thanks for the reply though, it’s much appreciated. I’m now showing an A grade on SSL Labs.
I have tested website on Qualys ssl lab and get F rating with following error: This server is vulnerable to the OpenSSL Padding Oracle vulnerability (CVE-2016-2107) and insecure. Grade set to F.
I have updated openssl to 1.0.2h and also restart apache server but I am still getting an F rating .
@aankit_rathore – Did you adjust your configuration as per https://easyengine.io/tutorials/nginx/diffie-hellman-logjam-attack-fix/?
brianjking — I have updated these changes, but still getting an F rating.
Have you restarted Nginx?
Please post your ssl.conf file so we can see if there are any issues. Usually it’s at /var/www/domain.com/conf/nginx/ssl.conf
It will really help if you post why it gives F, it usually highlights the issues right there in the report.
Yes i was restarted my server.
I am using Apache server not Nginx.
Apache? I thought EE supports only Nginx.
This support forum for EE only. No Apache support.
I am closing this discussion for now. If you need any help from community for EE or Nginx, feel free to create new topic.