mhmm, bekomme beim SSL Report (
https://www.ssllabs.com/ssltest/index.html) aber weiterhin nur Overall Rating F hin.
Hier mal der Auszug:
Authentication
Server Key and Certificate #1
Common names *.meinNAME.com
Alternative names -
Prefix handling Not required for subdomains
Valid from Fri Sep 26 06:37:01 UTC 2014
Valid until Sun Oct 26 06:37:01 UTC 2014 (expires in 29 days, 21 hours)
Key RSA 4096 bits
Weak key (Debian) No
Issuer *.pd-meinNAME.com Self-signed
Signature algorithm SHA256withRSA
Extended Validation No
Revocation information None
Trusted No NOT TRUSTED (Why?)
Additional Certificates (if supplied)
Certificates provided 1 (1526 bytes)
Chain issues None
Certification Paths
Path #1: Not trusted (path does not chain to a trusted anchor)
1 Sent by server
Not in trust store *.meinNAME.com
SHA1: 1203c86ab85a6ca67a377e51b35638eee3d0226d
RSA 4096 bits / SHA256withRSA
Configuration
Protocols
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 Yes
SSL 2 INSECURE Yes
Cipher Suites (sorted by strength; the server has no preference)
SSL_CK_RC4_128_EXPORT40_WITH_MD5 (0x20080) INSECURE 40
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 (0x40080) INSECURE 40
TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x3) WEAK 40
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x6) WEAK 40
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x8) WEAK 40
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x14) DH 512 bits (p: 64, g: 1, Ys: 64) FS WEAK 40
SSL_CK_DES_64_CBC_WITH_MD5 (0x60040) INSECURE 56
TLS_RSA_WITH_DES_CBC_SHA (0x9) WEAK 56
TLS_DHE_RSA_WITH_DES_CBC_SHA (0x15) DH 1024 bits (p: 128, g: 1, Ys: 128) FS WEAK 56
SSL_CK_RC4_128_WITH_MD5 (0x10080) INSECURE 128
SSL_CK_RC2_128_CBC_WITH_MD5 (0x30080) INSECURE 128
SSL_CK_IDEA_128_CBC_WITH_MD5 (0x50080) INSECURE 128
TLS_RSA_WITH_RC4_128_MD5 (0x4) 128
TLS_RSA_WITH_RC4_128_SHA (0x5) 128
TLS_RSA_WITH_IDEA_CBC_SHA (0x7) 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 128
TLS_RSA_WITH_SEED_CBC_SHA (0x96) 128
TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x9a) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 128
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) 128
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 128
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 (0x700c0) INSECURE 112
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 112
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 256
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 256
Handshake Simulation
Android 2.3.7 No SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS RC4 128
Android 4.0.4 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) FS 256
Android 4.1.1 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) FS 256
Android 4.2.2 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) FS 256
Android 4.3 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) FS 256
Android 4.4.2 TLS 1.2 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) FS 256
BingBot Dec 2013 No SNI 2 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
BingPreview Jun 2014 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) FS 256
Chrome 37 / OS X R TLS 1.2 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) FS 128
Firefox 24.2.0 ESR / Win 7 TLS 1.0 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) FS 256
Firefox 32 / OS X R TLS 1.2 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) FS 128
Googlebot Jun 2014 TLS 1.0 TLS_RSA_WITH_RC4_128_SHA (0x5) No FS RC4 128
IE 6 / XP No FS 1 No SNI 2 SSL 3 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS RC4 128
IE 7 / Vista TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
IE 8 / XP No FS 1 No SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS RC4 128
IE 8-10 / Win 7 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
IE 11 / Win 7 R TLS 1.2 TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) No FS 128
IE 11 / Win 8.1 R TLS 1.2 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) FS 256
IE Mobile 10 / Win Phone 8.0 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
IE Mobile 11 / Win Phone 8.1 TLS 1.2 TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) No FS 128
Java 6u45 No SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS RC4 128
Java 7u25 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
Java 8b132 TLS 1.2 TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) No FS 128
OpenSSL 0.9.8y TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) FS 256
OpenSSL 1.0.1h TLS 1.2 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) FS 256
Safari 5.1.9 / OS X 10.6.8 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
Safari 6 / iOS 6.0.1 R TLS 1.2 TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) No FS 256
Safari 7 / iOS 7.1 R TLS 1.2 TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) No FS 256
Safari 8 / iOS 8.0 Beta R TLS 1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) FS 256
Safari 6.0.4 / OS X 10.8.4 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
Safari 7 / OS X 10.9 R TLS 1.2 TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) No FS 256
Yahoo Slurp Jun 2014 No SNI 2 TLS 1.2 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) FS 256
YandexBot Sep 2014 TLS 1.2 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) FS 256
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).
Protocol Details
Secure Renegotiation Supported
Secure Client-Initiated Renegotiation No
Insecure Client-Initiated Renegotiation No
BEAST attack Not mitigated server-side (more info) SSL 3: 0x6, TLS 1.0: 0x6
TLS compression No
RC4 Yes (not with TLS 1.1 and newer) (more info)
Heartbeat (extension) Yes
Heartbleed (vulnerability) No (more info)
OpenSSL CCS vuln. (CVE-2014-0224) No (more info)
Forward Secrecy With some browsers (more info)
Next Protocol Negotiation No
Session resumption (caching) Yes
Session resumption (tickets) Yes
OCSP stapling No
Strict Transport Security (HSTS) No
Long handshake intolerance No
TLS extension intolerance No
TLS version intolerance TLS 2.98
SSL 2 handshake compatibility Yes
Miscellaneous
Test date Fri Sep 26 09:01:50 UTC 2014
Test duration 95.964 seconds
HTTP status code 200
HTTP server signature Apache/2.2.21 (Win32) DAV/2 mod_ssl/2.2.21 OpenSSL/1.0.1i PHP/5.3.8
Server hostname XXXXXX.dyndsl.XXXXXXX.de
PCI compliant No
FIPS-ready No