Hello, dear Community
I faced with the next issue:
My site appeared as used weak ciphers (I saw it at ssllabs & when try to check it via nmap with scirpt ssl-enum-ciphers)
I have domain which maintained by CF zone. i.e - bbb.io
Subdomain use name xxx.bbb.io. I set up server to use TLS1.1 & TLS1.2. Set strong ciphers(A+ level). Test it via nmap & ssllabs. All seemed fine. After that I hide website behind Cloudflare. At Cypto tab set - minimum TLS 1.1. Changes were applied.
After that my site seems as site which used TLS1.0 and weak ciphers such as
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| cipher preference: server
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| Weak certificate signature: SHA1
I tried to set minimal TLS version to 1.2. It does not help. My site still appeared as used weak cipher & TLS 1.0.
What should I do in order to avoid using TLS 1.0 & weak cipher?
Thanks in advance,