The server does not have SSL/TLS encryption on port 443

So was doing some tightening up of security on one of our servers. Everything was going good and was going through things step by step and then suddenly the testing site started giving the message "The server does not have SSL/TLS encryption on port 443. Data exchange with end-users can be intercepted.".

[removed due to use of real domain names]

The Plesk server hasn't suffered the same fate though, so it's odd!

[removed due to use of real domain names]

I have tried changing back all the settings I made changes to (SSL Protocols, Ciphers etc.), but the error message still comes up.

We use LiteSpeed, but as it is still tied into Apache, I have rebuilt the config, force reinstalled LiteSpeed and still hasn't resolved it.

Qualys SSL Labs sees it as OK:
[removed due to use of real domain names]

The only issue here is that I have tried to get TLSv1.1 to work, but it doesn't seem to pick up the settings, or at one point when changing settings it had both TLSv1.0 and TLSv1.1 working, but I don't want TLSv1.0.

Any help would be appreciated, as this is a production server, and I am worried that although everything seems to be working fine, and one test says it's OK, I would rather make sure it is fully working. Things like this tend to bug me!

Cheers

 

Hi Michael,

I'll see if they have a support/contact area on the site.

What about not being able to set the protocols being used by the server? The settings don't seem to apply and the server is only using TLS 1.2. Any thoughts on what has happened there?

Cheers.

 

Hi Michael,

That is where I have been making the change. I tried all sorts of combinations. The current one I have set is:
"ALL -SSLv2 -SSLv3 -TLSv1"

Nothing seems to allow TLSv1.1, even with +TLSv1.1.

I have tried switching to and from LiteSpeed and Apache, but still reporting as no TLSv1.1 and only version 1.2 (Apache) and 1.2 and 1.3 (LiteSpeed).

A new version of LiteSpeed has just come out, so attempting to upgrade that and see what happens.

Cheers.

 

So I reverted to a snapshot from the 6th of January and was able to get the SSL test at HT Bridge to work. It came back with an A rating. I tried backing up the configuration and testing it on the server after reverting it back to the snapshot I took today, before going back to the older one, and it had no affect.

So, I am lost as to what is causing it, and I can't have it running from the 6th of January snapshot as there is likely a lot of customer website changes and email etc. that would be lost.

So there does appear to be some validity to the test being broken.