I have two custom Windows web sites, running released and beta versions of OpenSSL. The beta version only gets an A- score with SSL Labs, whereas the release version gets A+.
https://www1.telecom-tariffs.co.uk/serverinfo.htm shows server status, and that it's running OpenSSL 1.1.0-pre5 (beta) 19 Apr 2016, SSL Labs says: 'Cipher Suites (sorted by strength as the server has no preference;) The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-.' https://www.telecom-tariffs.co.uk/serverinfo.htm is the main live server running OpenSSL 1.0.2h 3 May 2016, and gets a score A+ saying 'Cipher Suites (SSL 3+ suites in server-preferred order)'. The application is identical with CIPHER_SERVER_PREFERENCE specified and a Mozilla intermediate cipher list (shown on the status page), but SSL Labs suggests there is no server preference so forward security ciphers are not prioritised. The OpenSSL implementation is for Windows Embarcadero Delphi and the free ICS internet component suite which I support, it uses our own Pascal version of the OpenSSL C header files, originally created 10 years ago and updated for each new OpenSSL release, so there is a risk we might miss subtle header changes like constants changing. I realise pre5 is a month old, but can not see this issued raised in the last month. Angus -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
