2

Domain: burian-server.cz

What I've tried:

```
user@pc ~ $ curl -v -3 -X HEAD https://burian-server.cz
* Rebuilt URL to: https://burian-server.cz/
* Hostname was NOT found in DNS cache
*   Trying 192.168.0.102...
* Connected to burian-server.cz (192.168.0.102) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to burian-server.cz:443 
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to burian-server.cz:443 
```

As compared to another domain of mine sslhosting.cz, run on a different hosting:

```
user@pc ~ $ curl -v -3 -X HEAD https://sslhosting.cz
* Rebuilt URL to: https://sslhosting.cz/
* Hostname was NOT found in DNS cache
*   Trying 88.86.120.114...
* Connected to sslhosting.cz (88.86.120.114) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
```

One tester told me I am "probably" not vulnerable, which I do not really understand.

As there are noticeable differences in the above outputs, I suspect I might have configured my Apache server incorrectly.

  • 2
    [Your setup looks fine.](https://www.ssllabs.com/ssltest/analyze.html?d=burian-server.cz&hideResults=on) – Michael Hampton Apr 22 '16 at 08:55
  • 1
    "As there are noticeable differences in the above outputs" it's probably due to the first domain served by Apache and the second by nginx. But they both do not accept SSLv3 – ALex_hha Apr 22 '16 at 09:08

1 Answer

1

Actually, https://burian-server.cz/ looks really good. A great free resource for testing https is Qualys SSL Labs' SSL Server Test. Not only will they do a comprehensive test, they also point in detail to practical action that can be taken, and their site has lots of up-to-date information explaining current attack vectors and mitigations. Ivan Ristic, the creator of mod_security, is director of engineering at Qualys.

Colt
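Added example (not part of the original question or answer): in the two curl transcripts above, one server sends a `handshake failure` alert and the other shows no alert before the error, and both are refusals of SSLv3. The sketch below classifies the first record a server returns to an SSLv3-only ClientHello; the cipher suites offered, the function names and the sample reply bytes are assumptions constructed for illustration.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"  # SSLv3 version bytes on the wire
ALERTS = {40: "handshake_failure", 70: "protocol_version"}

def build_sslv3_client_hello() -> bytes:
    """Minimal SSLv3-only ClientHello (the cipher suite choice is an assumption)."""
    suites = b"\x00\x2f\x00\x0a"  # RSA/AES128-CBC-SHA, RSA/3DES-EDE-CBC-SHA
    body = (SSL3 + os.urandom(32) + b"\x00"            # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                             # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def classify_reply(data: bytes) -> str:
    """Interpret the first record sent back in answer to the ClientHello above."""
    if not data:
        return "rejected: connection closed without an alert"
    if len(data) < 5:
        return "inconclusive: truncated record header"
    ctype, length = data[0], struct.unpack("!H", data[3:5])[0]
    payload = data[5:5 + length]
    if ctype == 0x15 and len(payload) >= 2:            # alert: level, description
        return "rejected: alert " + ALERTS.get(payload[1], str(payload[1]))
    if ctype == 0x16 and len(payload) >= 6 and payload[0] == 0x02:
        # ServerHello: msg type (1) + length (3) + server_version (2)
        if payload[4:6] == SSL3:
            return "accepted: server negotiated SSLv3"
        return "inconclusive: ServerHello with a different version"
    return "inconclusive: unexpected record"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send the hello to a server you administer and classify its first reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            data = sock.recv(4096)
        except ConnectionResetError:
            data = b""
    return classify_reply(data)

# Constructed sample replies, not captured from any real server.
CLOSED = b""
ALERT_40 = bytes.fromhex("15030000020228")
HELLO_SSL3 = bytes.fromhex("160300002a020000260300") + bytes(32) + bytes.fromhex("00002f00")

if __name__ == "__main__":
    for name, reply in [("closed", CLOSED), ("alert", ALERT_40), ("hello", HELLO_SSL3)]:
        print(name, "->", classify_reply(reply))
```

Only the `accepted` result means SSLv3 is still enabled; a closed connection and an alert are two ways of refusing it.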