What i find weird is it scans with an A score using a quick scan SSL Server Test (Powered by Qualys SSL Labs) . but when the paid scanner product from Qualys scans it fails the site, because of that cipher suite. Has anyone else seen that or know if there is a way to turn off a cipher suite? I’ve created a ticket with cloudflare, I might make one with Qualys since this seems new as we scan quarterly, we have a paid business account.
We don’t want anyone connecting to our site with TLS 1.0 or 1.1 anyway. So that would be a positive for us and we have min support set to 1.2 already. So I guess I need to go to Qualys support and see why they failed our site for this when it should have only been marked as an orange weak according to their own blog posts?
Edit: so basically the solution was to just tell the vendor about this thread. and that it isn’t vulnerable. They took tat as acceptable.