Sponsor:

Server and Web Integrator
Link:
Kloxo-MR logo
6.5.0 or 7.0.0
Click for "How to install"
Donation/Sponsorship:
Kloxo-MR is open-source.
Donate and or Sponsorship always welcome.
Click to:
Click Here
Please login or register. 2024-03-29, 00:50:46

Author Topic: SSL problems in ssllabs.com  (Read 7116 times)

0 Members and 1 Guest are viewing this topic.

Offline mawerick

  • Junior Member
  • *
  • Posts: 32
  • Karma: +0/-0
    • View Profile
SSL problems in ssllabs.com
« on: 2017-04-06, 00:01:10 »
I need help for better setup of SSL of my server. I made test in ssllabs.com and result is F grade.

Cipher Suites problems:
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)   ECDH secp256r1 (eq. 3072 bits RSA)   FS   INSECURE    128
TLS_DHE_RSA_WITH_DES_CBC_SHA (0x15)   DH 2048 bits   FS   INSECURE    56
TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE    128
TLS_RSA_WITH_RC4_128_MD5 (0x4)   INSECURE    128

I see that i have problem with RC4.

Where and what to change to be better setup?

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: SSL problems in ssllabs.com
« Reply #1 on: 2017-04-06, 00:22:08 »
Inform here 'sh /script/sysinfo'.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline mawerick

  • Junior Member
  • *
  • Posts: 32
  • Karma: +0/-0
    • View Profile
Re: SSL problems in ssllabs.com
« Reply #2 on: 2017-04-06, 21:19:52 »
Code: [Select]
A. Kloxo-MR: 7.0.0.b-2015100801
   - Web: hiawatha-9.14.0-f.6.mr.el6.x86_64
   - PHP: php54s-5.4.45-1.ius.el6 (cgi mode)
B. Plateform:
   - OS: CentOS release 6.7 (Final) x86_64
   - Hostname: host.piximus.net
C. Services:
   1. MySQL: --uninstalled--
   2. PHP:
      - Branch: php54-cli-5.4.45-1.ius.el6.x86_64
      - Used: --Use PHP Branch--
   3. Httpd: httpd-2.2.31-1.mr.el6.x86_64
      - PHP Type: php-fpm_event
   4. Lighttpd: --uninstalled--
   5. Hiawatha: --unused--
   6. Nginx: --uninstalled--
   7. Cache: --uninstalled--
   8. Dns: bind-9.9.7-1.mr.el6.x86_64
   9. Qmail: qmail-toaster-1.03-1.3.55.mr.el6.x86_64
      - with: courier-imap-toaster-4.1.2-1.3.18.mr.el6.x86_64
D. Memory:
                total       used       free     shared    buffers     cached
   Mem:          6144       2010       4133          0          0          0
   -/+ buffers/cache:       2010       4133
   Swap:            0          0          0
E. Disk Space:
   Filesystem      Size  Used Avail Use% Mounted on
   /dev/simfs      400G  175G  226G  44% /

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: SSL problems in ssllabs.com
« Reply #3 on: 2017-04-07, 01:56:37 »
Update your Kloxo-MR with 'yum clean all; yum update -y' and then reboot. After reboot, run 'sh /script/cleanup'.

Need update because your OS and Kloxo-MR is too old.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline mawerick

  • Junior Member
  • *
  • Posts: 32
  • Karma: +0/-0
    • View Profile
Re: SSL problems in ssllabs.com
« Reply #4 on: 2017-04-07, 21:27:03 »
After update, websites not working. I receive
Code: [Select]
Error 500 - Internal Server ErrorAlso most of kloxo commands are not found.
Code: [Select]
sh: /script/sysinfo: No such file or directory
In error logs for domain:
Code: [Select]
[Fri Apr 07 15:54:24 2017] [error] [client 66.249.66.182] FastCGI: incomplete headers (0 bytes) received from server...
After reinstall kloxo7 and cleanup, everything back to normal.
ssllabs.com grade A !

Only problem after update is FTP connection. Can not connect, pure-ftp service is not working.

« Last Edit: 2017-04-08, 00:02:28 by mawerick »

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: SSL problems in ssllabs.com
« Reply #5 on: 2017-04-08, 16:21:56 »
For ftp, try 'chkconfig pure-ftpd on; sh /script/restart-ftp'.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline mawerick

  • Junior Member
  • *
  • Posts: 32
  • Karma: +0/-0
    • View Profile
Re: SSL problems in ssllabs.com
« Reply #6 on: 2017-04-08, 19:02:34 »
I receive error:
Code: [Select]
error reading information on service pure-ftpd: No such file or directory
I try to install it, because i think it's missing, but it's already installed.
Code: [Select]
Package pure-ftpd-1.0.37-1.mr.el6.x86_64 already installed and latest version
Nothing to do

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: SSL problems in ssllabs.com
« Reply #7 on: 2017-04-08, 20:25:51 »
Try 'yum reinstall pure-ftpd -y; chkconfig pure-ftpd on; sh /script/restart-ftp'.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline mawerick

  • Junior Member
  • *
  • Posts: 32
  • Karma: +0/-0
    • View Profile
Re: SSL problems in ssllabs.com
« Reply #8 on: 2017-04-09, 18:25:21 »
Pure-ftp start working, but can not connect with FTP users, try new password but no success. Try with passive / active mode, nothing.

Code: [Select]
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Command: USER *****
Response: 331 User ***** OK. Password required
Command: PASS ****************
Response: 530 Login authentication failed
Error: Critical error: Could not connect to server

Problem solved. There is @ char in pass. I see in other post, that might be a problem.
« Last Edit: 2017-04-09, 19:29:31 by mawerick »

Offline mawerick

  • Junior Member
  • *
  • Posts: 32
  • Karma: +0/-0
    • View Profile
Re: SSL problems in ssllabs.com
« Reply #9 on: 2017-04-12, 14:16:24 »
I have new problem, after Kloxo update, but don't want to open new post.

On a random time, i'm not sure but day, or two,  i think that some precedure return all settings to default.
I edit 00-base.cnf fiile, because i want to enable deflate module. By default it's disabled. So after i edit it, it's wokring, but after time, config file is with disabled deflate module.
Any idea?

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: SSL problems in ssllabs.com
« Reply #10 on: 2017-04-12, 14:34:21 »
By default deflat already disable. Only enable if pagespeed enabled.

But, if you want enable deflat without enable pagespeed, create 00-default.conf with content 'LoadModule deflate_module modules/mod_deflate.so'
« Last Edit: 2017-04-12, 14:37:58 by MRatWork »
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline mawerick

  • Junior Member
  • *
  • Posts: 32
  • Karma: +0/-0
    • View Profile
Re: SSL problems in ssllabs.com
« Reply #11 on: 2017-04-12, 15:16:50 »
But, if you want enable deflat without enable pagespeed, create 00-default.conf with content 'LoadModule deflate_module modules/mod_deflate.so'

I did it, but after while, i don't know how, but deflate module set to disable(comment with #)

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: SSL problems in ssllabs.com
« Reply #12 on: 2017-04-12, 15:23:56 »
You mean set to '#' inside 00-default.conf (sorry it's wrong name; I mean '00-deflat.conf').
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline mawerick

  • Junior Member
  • *
  • Posts: 32
  • Karma: +0/-0
    • View Profile
Re: SSL problems in ssllabs.com
« Reply #13 on: 2017-04-17, 20:06:33 »
I do it and work perfect.

Another problem witn DNS/named service. Every day, at the same time named service stop working properly. I don't know how and why, but i have to do:

Code: [Select]
sh /script/fixdns;
service named restart

If i don't do fixdns, only restart of named service, i receive this error:

Code: [Select]
Stopping named:                                            [  OK  ]
Starting named:
Error in named configuration:
zone domain***.net/IN: loaded serial 2017041552
zone domain***.net/IN: loaded serial 2017041554
dns_master_load: master/domain***.net:4: unexpected end of line
dns_master_load: master/domain***.net:4: unexpected end of input
zone domain***.net/IN: loading from master file master/domain***.net failed: unexpected end of input
zone domain***.net/IN: not loaded due to errors
....
[FAILED]

I think, after Kloxo update, somethnig in domain dns configs got wrong, but don't know how to fix it.
Any idea?


Offline mawerick

  • Junior Member
  • *
  • Posts: 32
  • Karma: +0/-0
    • View Profile
Re: SSL problems in ssllabs.com
« Reply #14 on: 2017-04-24, 21:48:07 »
UP

 


Top 10 Social Networking:    Facebook    Twitter    LinkedIn    Pinterest    Google Plus    Tumblr    Instagram    VK    Flickr    Vine

Page created in 0.03 seconds with 21 queries.

web stats analysis