I’ve installed NS7RC1. The webserver is secured with a let’s encrypt certificate.
When I check my webserver at https://www.ssllabs.com/ssltest/analyze.html I learn that:
- SSL3 is not disabled (POODLE-attack, 2014!)
- the certificate-chain is not complete
- two more vulnerabilities I don’t know…
I haven’t changed anything to the apache, so I recon this is vulnerable ‘out-of-the-box’.
Can someone confirm these issues? Are they to be marked as bug?