ssl checker show
This server is vulnerable to the POODLE attack. If possible, disable SSL 3 t`
POODLE attacks on SSLv3 vulnerability
ssl checker
https://www.sslshopper.com/ssl-checker.html
my centos /etc/httpd/conf.d/ssl.conf
Medium manner
SSLProtocol all -SSLv2
Changed
SSLProtocol all -SSLv3 -SSLv2
SSLCipherSuite EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DE
Further improve the security of SSL to support Forward Secrecy
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
This server's certificate chain is incomplete. Grade capped to B.
Modify centos /etc/httpd/conf.d/ssl.conf
in
SSLCertificateKeyFile /etc/letsencrypt/live/[FQDN]/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/[FQDN]/fullchain.pem
Sake
SSLCertificateKeyFile /etc/letsencrypt/live/[FQDN]/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/archive/[FQDN]/chain1.pem
SSLCertificateFile /etc/letsencrypt/live/[FQDN]/fullchain.pem
or
SSLCertificateKeyFile /etc/letsencrypt/live/[FQDN]/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/[FQDN]/chain.pem
SSLCertificateFile /etc/letsencrypt/live/[FQDN]/fullchain.pem
After adding chain1.pem, ssllab show A score of