Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No error messages for insecure ciphers #419

Closed
ivanr opened this issue Oct 31, 2016 · 3 comments

Comments

@ivanr
Copy link
Contributor

commented Oct 31, 2016

There is no error message in the top section of the report when a site is penalized because it supports insecure ciphers. For example:
https://www.ssllabs.com/ssltest/analyze.html?d=static-rsa.badssl.com

@ivanr ivanr added the bug label Oct 31, 2016

@bhushan5640

This comment has been minimized.

Copy link
Collaborator

commented Nov 14, 2016

@RobTho

This comment has been minimized.

Copy link

commented Nov 14, 2016

Hi,

no "insecure" BAR when other Ciphers that are treated as insecure like RC4 ? Only when Null ?
https://dev.ssllabs.com/ssltest/analyze.html?d=rc4.badssl.com&hideResults=on

@bhushan5640

This comment has been minimized.

Copy link
Collaborator

commented Nov 15, 2016

For various insecure Ciphers we have different messages
eg. For Anonymous insecure Ciphers we have different Bar that says Grade set to F because of Anonymous suites.

I think for above rc4.badssl.com Bar message is correct but it should also say Grade set to F.

@ivanr ivanr closed this Nov 21, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.