SSL centminmod.com ssllabs dev tests 16/6/16

Working on my HTTPS version of centminmod.com's sites HTTP/2 SSL configuration testing dual ECDSA+RSA ssl certificate support in Nginx 1.11 branch and running my site through ssllabs dev version online testing tool at SSL Server Test (Powered by Qualys SSL Labs)

Results as at 16/6/16 which is almost 6 1/2 weeks since the OpenSSL CVE-2016-2107 vulnerability announcement. The dev.ssllabs.com tool can detect if your web site's web server is vulnerable and automatically give you a F rating if it is !

Looking good, not A+ has i have HSTS disabled as I need to be able to test both HTTP & HTTPS version of my site and Centmin Mod LEMP stack's Nginx operation etc

---

Unfortunately, alot of web servers online are still vulnerable to OpenSSL CVE-2016-2107 security flaw Companies Are Slow to Patch Latest OpenSSL Flaw

You can use these online tools to test if your HTTPS enabled site are vulnerable or safe

• Test your server for yet another CBC padding oracle (CVE-2016-2107)
• SSL Server Test (Powered by Qualys SSL Labs)

Example results





what sslllabs will report if you're vulnerable to OpenSSL CVE-2016-2107 which was announced more than 6 1/2 weeks ago !





another example





So folks be safe and make sure your web server is up to date and not vulnerable to OpenSSL CVE-2016-2107 which was fixed in OpenSSL 1.0.2h and LibreSSL 2.3.4+

For Centmin Mod Nginx, the relevant threads are:

• Security - OpenSSL 1.0.h & Updating Centmin Mod Nginx SSL Support | Centmin Mod Community
• Security - LibreSSL 2.3.4 Released | Centmin Mod Community
• LibreSSL 2.3.6 Released - bug fixes | Centmin Mod Community

 

@Sunka looks good to me