issue with SSL reporting vulnerability

Discussion in 'Security' started by Venomous21, Mar 5, 2018.

  1. Venomous21

    Venomous21 Well-Known Member

    Hello,

    I have a VPS with two IPs using the Let's Encrypt plugin to secure our sites. Using the Qualys SSL Labs test, if I scan any site on the primary IP (shared), I am capped at a B grade since the server does not support Forward Secrecy and the site only works in browsers with SNI support. Here's where it gets interesting...

    If I can scan the one site on the secondary (dedicated) IP, I get a rating of F, this server is vulnerable to DROWN attack. Under the DROWN report on SSL Labs, it says:


    IP Address   Port   Export   Special   Status
    x.x.x.x      443    Yes      Yes       Vulnerable (same hostname with SSL v2)

    I don't control the IP listed above. If I do a reverse lookup on this IP, it is a different host name but is the actual IP of the company's office, which is different than the IP of their website.

    Ignore the F rating or a way to fix it? This is a VPS running the latest version of CentOS 6 with the latest CentOS 6 OpenSSL package.

    Thanks.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Here are a couple of threads where this is discussed:

    Getting Perfect Forward Secrecy Question
    SOLVED - htaccess Header Set doesn't set

    You may want to reach out to your hosting provider or data center to have them ensure the RDNS record for this IP address points to your server's hostname, or the domain name that's using this IP address as a dedicated IP for its website.

    Thank you.
     