search

ssllabs / ssllabs-scan

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.
https://www.ssllabs.com/projects/ssllabs-apis/
Apache License 2.0
1.7k stars 242 forks source link

F Grade because of TLS 1.0 only, but browser says TLS 1.2 #729

Closed shibumi closed 5 years ago

shibumi commented 5 years ago

Hi, I have a really weird issue. I have scanned the webserver https://tu-clausthal.de via sslabs and I get the following result:

https://www.ssllabs.com/ssltest/analyze.html?d=tu%2dclausthal.de&s=2001%3a638%3a605%3a20%3a1%3a0%3a0%3a9&latest

https://paste.xinu.at/cP8h/

But when i visit the page in my browser.. everything is fine with TLS 1.2 and HSTS etc:

https://paste.xinu.at/tiS1R/

Any idea?

tamthing commented 5 years ago

Hi @shibumi , I tried scanning the domain but SSLLabs isn't able to connect to your server. I was thinking of investigating. Did you do something to not enable the connection?

shibumi commented 5 years ago

Hi @tamthing, try again. It should work now.

EDIT: Ok this is weird.. it doesn't work, although the webserver is accessable worldwide.

Are these IP ranges still correct?

64.41.200.0/24 64.39.109.20 104.130.202.77

shibumi commented 5 years ago

Btw https://hstspreload.org doesn't seem to connect as well. https://tls.imirhil.fr/https/tu-clausthal.de works fine... this is pretty weird..

https://observatory.mozilla.org/analyze/tu-clausthal.de#tls gives more details

tamthing commented 5 years ago

I see that this issue is not observed any more. It shows support for TLS1.3 & TLS1.2 and results in A grade. Did you identify the discrepancy and the cause of it? Please reopen the ticket if you notice the issue again. I'll be closing it.

shibumi commented 5 years ago

@tamthing well, I have no idea. We have nothing changed on our side. But our Firewall vendor is currently investigating an issue in the TLS inspection gateway.. I guess it has something to do with it.