Closed sindarina closed 8 years ago
There's a discrepancy between the problems reported by the SSL Server Test, and what Cipherscan sees. This suggests that there's a problem with the configuration of the default host, and what's set up for the virtual host this domain runs in. Needs to be reviewed.
Notified using their contact form; http://fmphost.com/support/contact-us
Poked on Twitter; https://twitter.com/isvsecwatch/status/611556256759853056
See also #45.
See also #46.
Email notification has been automatically acknowledged by an issue tracker.
Hmm, they did a great job fixing #45, but didn't go all the way here. Still has RC4 active; https://www.ssllabs.com/ssltest/analyze.html?d=fmphost.com (B)
No change, and cipherscan results differ from SSL Server Test, which usually means there's a discrepancy between the default host and the virtual host this runs in;
```
Target: fmphost.com:443

prio  ciphersuite                  protocols              pfs_keysize
1     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-256,256bits
2     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-256,256bits
3     DHE-RSA-AES128-GCM-SHA256    TLSv1.2                DH,1024bits
4     DHE-RSA-AES256-GCM-SHA384    TLSv1.2                DH,1024bits
5     ECDHE-RSA-AES128-SHA256      TLSv1.2                ECDH,P-256,256bits
6     ECDHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
7     ECDHE-RSA-AES256-SHA384      TLSv1.2                ECDH,P-256,256bits
8     ECDHE-RSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
9     DHE-RSA-AES128-SHA256        TLSv1.2                DH,1024bits
10    DHE-RSA-AES128-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
11    DHE-RSA-AES256-SHA256        TLSv1.2                DH,1024bits
12    DHE-RSA-AES256-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,1024bits

Certificate: UNTRUSTED, 1024 bit, sha1WithRSAEncryption signature
TLS ticket lifetime hint: 300
OCSP stapling: not supported
Server side cipher ordering
```
Virtual host still has RC4 active, for example.
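An added example, not part of the original thread or the httpstracker project: a small Python parser for plain-text cipherscan output like the scan quoted above. It flags the weak settings visible in that output and checks for the RC4 mismatch against another scanner. The 2048-bit floors and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample: rows abridged from the cipherscan output quoted above.
SAMPLE = """\
prio ciphersuite protocols pfs_keysize
1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits
3 DHE-RSA-AES128-GCM-SHA256 TLSv1.2 DH,1024bits
10 DHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 DH,1024bits
Certificate: UNTRUSTED, 1024 bit, sha1WithRSAEncryption signature
OCSP stapling: not supported
"""

ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)$")
MIN_DH_BITS = 2048   # assumption: policy floor for finite-field DH
MIN_KEY_BITS = 2048  # assumption: policy floor for the RSA certificate key

def analyze(text):
    """Return (suites, findings) for plain-text cipherscan output."""
    suites, findings = [], []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            _prio, suite, _protocols, pfs = m.groups()
            suites.append(suite)
            dh = re.fullmatch(r"DH,(\d+)bits", pfs)
            if dh and int(dh.group(1)) < MIN_DH_BITS:
                findings.append(f"weak DH group ({dh.group(1)} bits): {suite}")
            if "RC4" in suite:
                findings.append(f"RC4 offered: {suite}")
        elif line.startswith("Certificate:"):
            if "UNTRUSTED" in line:
                findings.append("certificate not trusted")
            bits = re.search(r"(\d+) bit", line)
            if bits and int(bits.group(1)) < MIN_KEY_BITS:
                findings.append(f"certificate key {bits.group(1)} bits")
            if "sha1With" in line:
                findings.append("SHA-1 certificate signature")
        elif line.startswith("OCSP stapling: not supported"):
            findings.append("no OCSP stapling")
    return suites, findings

def rc4_discrepancy(suites, other_scanner_reports_rc4):
    """True when another scanner reports RC4 but this scan saw none, the
    mismatch the thread attributes to default host vs. virtual host."""
    return other_scanner_reports_rc4 and not any("RC4" in s for s in suites)

if __name__ == "__main__":
    suites, findings = analyze(SAMPLE)
    print("\n".join(findings), "\nRC4 discrepancy:", rc4_discrepancy(suites, True))
```

A true result from `rc4_discrepancy` is a cue to confirm that both scanners reached the same virtual host before trusting either result.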
No change. Closing as unresolved.
SSL Server Test Results https://www.ssllabs.com/ssltest/analyze.html?d=fmphost.com (F)
Cipherscan Results
Cipherscan Analysis
For more information on updating and making changes, see; https://github.com/isvsecwatch/httpstracker