When I test this version with www.ssllabs.com/ssltest/, I get a grade of F. Specific to SSL testing, we get:
Protocols
TLS 1.2 No
TLS 1.1 No
TLS 1.0 Yes
SSL 3 No
SSL 2 INSECURE Yes
Any thoughts on how to configure SmallWall to get the following response on SSL?
Protocols
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 No
SSL 2 No
Also, here is the additional info received:
Protocol Details
Secure Renegotiation Supported
Secure Client-Initiated Renegotiation Supported DoS DANGER
Insecure Client-Initiated Renegotiation No
BEAST attack Not mitigated server-side TLS 1.0: 0x9
POODLE (SSLv3) No, SSL 3 not supported
POODLE (TLS) No
Downgrade attack prevention Unknown (requires support for at least two protocols)
SSL/TLS compression No
RC4 Yes WEAK
Heartbeat (extension) No
Heartbleed (vulnerability) No
OpenSSL CCS vuln. (CVE-2014-0224) No
Forward Secrecy No WEAK
Next Protocol Negotiation (NPN) No
Session resumption (caching) No (IDs assigned but not accepted)
Session resumption (tickets) Yes
OCSP stapling No
Strict Transport Security (HSTS) No
Public Key Pinning (HPKP) No
Long handshake intolerance No
TLS extension intolerance No
TLS version intolerance No
Incorrect SNI alerts No
Uses common DH primes No, DHE suites not supported
DH public server param (Ys) reuse No, DHE suites not supported
SSL 2 handshake compatibility Yes