Hello, probely not ISPconfig related but hope someone can help me using isconfig 3.1 running on centos 6.9 Apache/2.2.15 I have a strange thing. When using ssllabs.com testing differnt domains on this server: domain A gives me a A+ rating domain B gives me a B rating. (This server accepts RC4 cipher, but only with older protocols. Grade capped to B) in /etc/httpd/conf.d/ssl.conf i have SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384HE-RSA-AES128-GCM-SHA256HE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHAHE-RSA-AES128-SHA256HE-RSA-AES128-SHAHE-DSS-AES128-SHA256HE-RSA-AES256-SHA256HE-DSS-AES256-SHAHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIAES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHASTRENGTH SSLHonorCipherOrder on when looking in /etc/httpd/conf/sites-available i see this: <IfModule mod_ssl.c> SSLEngine on SSLProtocol All -SSLv2 -SSLv3 # SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM- SSLHonorCipherOrder on # <IfModule mod_headers.c> # Header always add Strict-Transport-Security "max-age=15768000" # </IfModule> so there is no other CipherSuite in the vsite configs any idee why one domain gifs me a A rating and another a B rathing? Thanxs Steffan
https://www.ssllabs.com/ssltest/analyze.html?d=duo-care.nl This server accepts RC4 cipher, but only with older protocols. Grade capped to B. MORE INFO » https://www.ssllabs.com/ssltest/analyze.html?d=61.tkservers.com Thias is a A
