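List of Messages Shown by the QUALYS SSL LABS SSL Server Test
The QUALYS SSL LABS SSL Server Test (https://www.ssllabs.com/ssltest/) is a handy tool that detects various vulnerabilities at the TLS layer, but for some reason I could not find a table listing its diagnostic messages, so the table below lists the diagnostic messages as far as I have found them.
Grade | Message |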
---|---|
A+ | HTTP Strict Transport Security (HSTS) with long duration deployed on this server. MORE INFO |
A | Intermediate certificate has a weak signature. Upgrade to SHA2 as soon as possible to avoid browser warnings. MORE INFO |
A | Certificate has a weak signature and expires after 2015. Upgrade to SHA2 to avoid browser warnings. MORE INFO |
A- | The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-. MORE INFO |
A- | There is no support for secure renegotiation. Grade reduced to A-. MORE INFO |
B | This server accepts RC4 cipher, but only with older protocol versions. Grade capped to B. MORE INFO |
B | This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B. MORE INFO |
B | This server uses SSL 3, which is obsolete and insecure. Grade capped to B. MORE INFO |
B | This server's certificate chain is incomplete. Grade capped to B. |
C | The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C. MORE INFO |
C | This server does not mitigate the CRIME attack. Grade capped to C. |
C | This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C. MORE INFO |
C | This server uses RC4 with modern protocols. Grade capped to C. |
F | Experimental: This server is vulnerable to the DROWN attack. Grade set to F. MORE INFO |
F | This server is vulnerable to MITM attacks because it supports insecure renegotiation. Grade set to F. |
F | This server is vulnerable to the Heartbleed attack. Grade set to F. |
F | This server is vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224) and exploitable. Grade set to F. |
F | This server is vulnerable to the OpenSSL Padding Oracle vulnerability (CVE-2016-2107) and insecure. Grade set to F. |
F | This server is vulnerable to the POODLE TLS attack. Patching required. Grade set to F. MORE INFO |
F | This server supports 512-bit export suites and might be vulnerable to the FREAK attack. Grade set to F. MORE INFO |
F | This server supports anonymous (insecure) suites (see below for details). Grade set to F. |
F | This server supports insecure Diffie-Hellman (DH) key exchange parameters (Logjam). Grade set to F. MORE INFO |
F | This server supports SSL 2, which is obsolete and insecure, and can be used against TLS (DROWN attack). Grade set to F. MORE INFO |
T | This server's certificate is not trusted, see below for details. |
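Q&A
Q. Is this all of the messages?
A. I don't know. This is only a list of the ones I found, so there may be omissions.
Q. Is this list up to date?
A. This is a list of what I found between roughly April 2016 and January 2017. Some items may since have been removed or changed.
That's all! Good luck.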
Author And Source
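About this topic (List of Messages Shown by the QUALYS SSL LABS SSL Server Test), we found more information here: https://qiita.com/n-i-e/items/20c613a321299d27e946 Author attribution: information about the original author is included in the original URL. Copyright belongs to the original author.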