BLCloud SSL TLS Support Results

The results from this test showed: https://www.ssllabs.com/ssltest/analyze.html?d=blcloud.net

Making Changes for Improved Security Ratings

Disable TLS 1.0 and 1.1

Using a Powershell command or Registry editing:

https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#use-powershell-to-disable-tls-10

Enable strong authentication for .NET applications:

Using a Powershell script:

Manage SSL/TLS protocols and cipher suites for AD FS

 

2024-01-16

Overall Rating

A

image-20240116-165249.png

This site works only in browsers with SNI support.

This server supports TLS 1.3.

Chain Issues: None

Common names: *.blcloud.net

Alternative names: *.blcloud.net blcloud.net

Protocols

 

Protocols

 

TLS 1.3

Yes

TLS 1.2

Yes

TLS 1.1

No

TLS 1.0

No

SSL 3

No

SSL 2

No

Cipher Suites

TLS 1.3 (suites in server-preferred order)

TLS_AES_256_GCM_SHA384 (0x1302) ECDH secp384r1 (eq. 7680 bits RSA) FS

 

256

TLS_AES_128_GCM_SHA256 (0x1301)   ECDH x25519 (eq. 3072 bits RSA)   FS

 

128

TLS 1.2 (suites in server-preferred order)

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp384r1 (eq. 7680 bits RSA) FS

 

256

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   ECDH x25519 (eq. 3072 bits RSA)   FS

 

128

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 2048 bits   FS

 

256

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 2048 bits   FS

 

128

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp384r1 (eq. 7680 bits RSA) FS

WEAK

256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH x25519 (eq. 3072 bits RSA)   FS

WEAK

128

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp384r1 (eq. 7680 bits RSA)   FS

WEAK

256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA)   FS

WEAK

128

TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)

WEAK

256

TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)

WEAK

128

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)

WEAK

256

TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)

WEAK

128

TLS_RSA_WITH_AES_256_CBC_SHA (0x35)

WEAK

256

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)

WEAK

128

TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)

WEAK

112

2022-10-12

Overall Rating

Protocols

 

Protocols

 

TLS 1.3

No

TLS 1.2

Yes

TLS 1.1

Yes

TLS 1.0

Yes

SSL 3.0

No

SSL 2.0

No

Cipher Suites

TLS 1.2 (suites in server-preferred order)

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   ECDH secp256r1 (eq. 3072 bits RSA)   FS  

WEAK

256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH secp256r1 (eq. 3072 bits RSA)   FS  

WEAK

128

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp256r1 (eq. 3072 bits RSA)   FS  

WEAK

256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp256r1 (eq. 3072 bits RSA)   FS  

WEAK

128

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 1024 bits   FS  

WEAK

256

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 1024 bits   FS  

WEAK

128

TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)  

WEAK

256

TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)  

WEAK

128

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)  

WEAK

256

TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)  

WEAK

128

TLS_RSA_WITH_AES_256_CBC_SHA (0x35)  

WEAK

256

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)  

WEAK

128

TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)  

WEAK

112

TLS_RSA_WITH_RC4_128_SHA (0x5)  

INSECURE

128

TLS_RSA_WITH_RC4_128_MD5 (0x4)  

INSECURE

128