List of Messages Shown by the QUALYS SSL LABS SSL Server Test


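The QUALYS SSL LABS SSL Server Test (https://www.ssllabs.com/ssltest/) is a handy tool that detects a variety of vulnerabilities at the TLS layer, but for some reason I could not find a list of its diagnostic messages. The table below lists the diagnostic messages that I have come across myself.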

Grade Message
A+ HTTP Strict Transport Security (HSTS) with long duration deployed on this server. MORE INFO
A Intermediate certificate has a weak signature. Upgrade to SHA2 as soon as possible to avoid browser warnings. MORE INFO
A Certificate has a weak signature and expires after 2015. Upgrade to SHA2 to avoid browser warnings. MORE INFO
A- The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-. MORE INFO
A- There is no support for secure renegotiation. Grade reduced to A-. MORE INFO
B This server accepts RC4 cipher, but only with older protocol versions. Grade capped to B. MORE INFO
B This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B. MORE INFO
B This server uses SSL 3, which is obsolete and insecure. Grade capped to B. MORE INFO
B This server's certificate chain is incomplete. Grade capped to B.
C The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C. MORE INFO
C This server does not mitigate the CRIME attack. Grade capped to C.
C This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C. MORE INFO
C This server uses RC4 with modern protocols. Grade capped to C.
F Experimental: This server is vulnerable to the DROWN attack. Grade set to F. MORE INFO
F This server is vulnerable to MITM attacks because it supports insecure renegotiation. Grade set to F.
F This server is vulnerable to the Heartbleed attack. Grade set to F.
F This server is vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224) and exploitable. Grade set to F.
F This server is vulnerable to the OpenSSL Padding Oracle vulnerability (CVE-2016-2107) and insecure. Grade set to F.
F This server is vulnerable to the POODLE TLS attack. Patching required. Grade set to F. MORE INFO
F This server supports 512-bit export suites and might be vulnerable to the FREAK attack. Grade set to F. MORE INFO
F This server supports anonymous (insecure) suites (see below for details). Grade set to F.
F This server supports insecure Diffie-Hellman (DH) key exchange parameters (Logjam). Grade set to F. MORE INFO
F This server supports SSL 2, which is obsolete and insecure, and can be used against TLS (DROWN attack). Grade set to F. MORE INFO
T This server's certificate is not trusted, see below for details.

Q&A

Q. Is this the complete set of messages?
A. I don't know. This is only a list of the ones I found, so there may be omissions.

Q. Is this list up to date?
A. This is a list of what I found between roughly April 2016 and January 2017. Some items may have since been retired or changed.

That's all! Good luck.