Jump to content

Qualys SSL Labs - SSL Server Tester


Recommended Posts

A tool that I have long admired is Qualys SSL Labs. They have a quick web tool that conducts an analysis of a target's SSL/TLS configuration. Simply give it a target URL and wait for the results.

It lists lots of descriptive information, including:

  • Key
  • Issuer
  • Certificate Transparency
  • OSCP Stapling
  • Revocation status
  • Trusted
  • Supported Protocols
  • Cipher Suites
  • Handshake Simulation
  • Specific Security Tests
  • Forward Secrecy
  • 0-RTT
  • SNI alerts
  • HSTS
  • ALPN
  • NPN

and more. Some of the security tests it looks at are BEAST, POODLE (SSLv3, TLS), Zombie POODLE, GOLDENDOODLE, OpenSSL 0-Length, Sleeping POODLE, Secure Renegotiation, Downgrade Attack Prevention, RC4, Heartbeat, Heartbleed, Ticketbleed, CVE-2014-0224, CVE-2016-2107, ROBOT.

It's a great tool. The best part to me, is that if there are ways in which you can improve your configuration, it highlights the suggestions and offers you links to configuration guides.





With this, I will be exploring limiting support for older TLS versions (anything less than TLS 1.2).

Link to website: https://www.ssllabs.com/ssltest



I have disabled TLS 1.0 and TLS 1.1.

To do this in apache2, find your appropriate virtual hosts and use the SSLProtocol directive.

In our case:

SSLProtocol +TLSv1.2 +TLSv1.3



Edited by cwade12c
Applied apache2 configuration change and added the info to the topic
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...