Same here. Ran it when it was mentioned. Got an A. Sitting in Azure Websites with a Digicert certificate. Done nothing clever.
That’s how it should be. Regards, Greg Dr Greg Low 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax SQL Down Under | Web: www.sqldownunder.com<http://www.sqldownunder.com/> From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of Stephen Price Sent: Wednesday, 4 November 2015 7:15 PM To: ozDotNet <ozdotnet@ozdotnet.com> Subject: Re: [OT] SSL testing I guess there are some advantages to running on Azure websites. I ran that ssllabs.com<http://ssllabs.com> test against a client website that I wrote a year or so ago and got an A. No actions taken on my part (apart from setting up the Azure website to use the certificate). Nice to test it and know though. Thanks for the url. On Wed, 4 Nov 2015 at 13:20 Grant Maw <grant....@gmail.com<mailto:grant....@gmail.com>> wrote: For those interested, I've run that script on my Windows 2008 R2 box, it worked without a hitch and took me from an F to a C. I then manually added TLS 1.2, rebooted and now I am at a B. A few more bits to do and we'll get an A. [Inline images 1] On 4 November 2015 at 12:45, Paul Glavich <subscripti...@theglavs.com<mailto:subscripti...@theglavs.com>> wrote: I have run that script on our staging and production servers. Works well. Take a registry backup prior. Run it. If issues, then restore. - Glav From: ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com> [mailto:ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com>] On Behalf Of Greg Keogh Sent: Tuesday, 3 November 2015 12:00 PM To: ozDotNet <ozdotnet@ozdotnet.com<mailto:ozdotnet@ozdotnet.com>> Subject: Re: [OT] SSL testing "An F grade is unacceptably bad, definitely something he needs to get sorted. Hold the web developer / company accountable for that." I could barely sleep last night knowing that I'd flunked with an F. The trouble is, I don't know who to blame (I am the developer and the company!!). My web server is a pretty vanilla Win2008R2 install and I got the cert from Comodo 6 months ago. I sort of expected that regular Windows Updates would be fixing this sort of thing, or perhaps I'd get some sort of security alert somehow. Why are out-of-the-box servers falling behind best security practises? I want my server to get an A, but the script I mentioned before worries me and I'd prefer some specific and trustworthy instructions from somewhere like TechNet, a KB or MSDN to tell me exactly what to do. Greg K
