Mismatch of SSL results

[LawsHosting]

Ok, this is confusing me...... I've tested my main domain and the hostname it's on and get two completely different results..

Hostname result:

Domain result:

I do not understand, I assume the httpd-ssl.conf is used serverwide (i.e all VH)?

Any ideas?

 

[nobaloney]

I do not understand, I assume the httpd-ssl.conf is used serverwide (i.e all VH)?

This is only a reply to the one line quoted above.

Apache always uses the last configuration data it reads as it traverses all the rules for a given URL.

So the settings in httpd-ssl.conf will override any settings made before this file is included.

And any settings made in files included after this file is included will override these settings.

Where do you do the testing? That would be an interesting test for all of us to run for diagnostics.

Jeff

 

[SeLLeRoNe]

That test is made on this site: https://www.ssllabs.com/ssltest

Regarding the differences, it's actually strange, are you sure there was no result cached?

You should try again clicking
Clear cache

Just after the SSL Report line

Regards

 

[LawsHosting]

Fixed it...... My /var/www/html VH hasn't any SSL stuff in it..... but conf/extra/httpd-vhosts.conf DID have! Not sure why!

Need to check other servers for same issue

 

[SeLLeRoNe]

Oh you're right, /var/www/html probably is somehow not covered by ssl settings.

I'd test on my server but i do have server hostname set as domain for admin account, so i'd put the cert in there and made some custom virtualhost for webmail and phpmyadmin

Maybe John would have other suggestions/infos about this problem.

Regards

 

[LawsHosting]

Another server gives a

The server supports only older protocols, but not the current best TLS 1.2.
The server does not support Forward Secrecy with the reference browsers.

Even though the .conf's are identicle (yes, I checked thoroughly ).... The only difference is the Debian versions..