SSL cypers weird problem

Discussion in 'Installation/Configuration' started by Steffan, Nov 27, 2017.

  1. Steffan

    Steffan Member

    When i test 2 ssl certs, both lets encrypt im getting 2 diffent scores
    first one is the servername A+
    https://www.ssllabs.com/ssltest/analyze.html?d=61.tkservers.com

    Second is a website B
    https://www.ssllabs.com/ssltest/analyze.html?d=duo-care.nl

    Any idees why?

    The settings in /etc/httpd/conf/sites-enabled/000-ispconfig.vhost are
    SSLEngine On
    SSLProtocol All -SSLv2 -SSLv3
    SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
    SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS


    These are the same in /etc/httpd/conf.d/ssl.conf
     
  2. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    duo-care.nl
    This server accepts RC4 cipher, but only with older protocols. Grade capped to B
     
  3. Steffan

    Steffan Member

    yes i know but where is the difference
    the cypers are only set in /etc/httpd/conf.d/ssl.conf and /etc/httpd/conf/sites-enabled/000-ispconfig.vhost
     
  4. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    the ciphers in 000-ispconfig.vhost are used the ispconfig-vhost and not for any other site. if the ciphers in ssl.conf are not shown during the checks, make sure, that this file is loaded by your webserver
     

Share This Page