Improving Qualys SSL server test results regarding Poodle attack and SHA1

Fancy being in the Qualys list of the worst recently tested servers for SSL? I got a T rating (A being the target). It’s mainly due to the fact that I’m using self-signed certificates (no need to certify my authenticity toward myself); otherwise I’d get a C.

I fixed the following issues so now I get an A (ignoring self-signed):

It’s a good practice to get servers tested every now and then.

Update: for the Dovecot IMAP server, edit /etc/dovecot/conf.d/10-ssl.conf and set:

ssl_protocols = !SSLv2 !SSLv3

For Exim, the relevant options should be added in your main conffile (depends on your setup, split or not, etc.):

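# If Exim is compiled with OpenSSL, use this line instead (Exim only treats # at the start of a line as a comment):
#openssl_options = +no_sslv2 +no_sslv3
# GnuTLS priority string:
tls_require_ciphers = NORMAL:!VERS-SSL3.0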
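
To confirm from the network that these settings took effect, the added example below (not part of the original post) sends a hand-built SSL 3.0 ClientHello to an implicit-TLS port such as IMAPS on 993 and reports whether the server answers with a ServerHello or refuses. The function names and the cipher list are assumptions chosen for illustration, and STARTTLS ports are not handled.

```python
import os
import socket
import struct

# Constructed cipher list: suites that exist in SSL 3.0
# (AES128-SHA, AES256-SHA, 3DES-EDE-CBC-SHA, RC4-128-SHA).
SUITES = struct.pack("!4H", 0x002F, 0x0035, 0x000A, 0x0005)

def sslv3_client_hello() -> bytes:
    """Build a ClientHello whose highest offered version is SSL 3.0."""
    body = (b"\x03\x00"                       # client_version = SSL 3.0
            + os.urandom(32)                  # client random
            + b"\x00"                         # empty session id
            + struct.pack("!H", len(SUITES)) + SUITES
            + b"\x01\x00")                    # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x00" + struct.pack("!H", len(handshake)) + handshake

def classify(reply: bytes) -> str:
    """Interpret the first record the server sends back."""
    if (len(reply) >= 11 and reply[0] == 0x16 and reply[5] == 0x02
            and reply[9:11] == b"\x03\x00"):
        return "accepted"                     # ServerHello selecting SSL 3.0
    if len(reply) >= 7 and reply[0] == 0x15:
        return "refused"                      # alert record
    if not reply:
        return "refused"                      # peer closed without answering
    return "unknown"

def probe(host: str, port: int = 993, timeout: float = 5.0) -> str:
    """Send the hello to an implicit-TLS port and classify the answer.
    A timeout is raised to the caller rather than reported as a refusal."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(sslv3_client_hello())
        reply = b""
        try:
            while len(reply) < 11:
                chunk = s.recv(64)
                if not chunk:
                    break
                reply += chunk
        except ConnectionResetError:
            pass                              # reset counts as a refusal
    return classify(reply)
```

Run `probe("mail.example.org")` against your own server (the hostname is a placeholder); `"accepted"` means SSLv3 is still enabled.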
