Galaxy deployed apps getting B grade on ssllabs test

I have tested my application which is deployed on meteor galaxy, on sslLabs (SSL Server Test (Powered by Qualys SSL Labs)) and getting B grade as test result.
Reason : “This server supports TLS 1.0 and TLS 1.1. Grade capped to B.”
How i get A or A++ grade on sslLabs ?

You can manually set SSL to 1.2 in the settings for your app:

3 Likes

Thank you @storyteller , i have switched my TLS protocol service to minimum 1.2 on galaxy settings and restarted my application, But the ssllabs test result still capped to B and with the same reason - “This server supports TLS 1.0 and TLS 1.1. Grade capped to B.”

image

1 Like

Hey @suneethloremine, yes, we have apps that accept TLS 1.0 and 1.1 so we don’t declare these protocols as not supported but if you try to send a request using these versions your app is not going to receive these requests.

So, TL;DR we do support these versions in our proxy but your app doesn’t.

If you want to be sure, you can run this code against your hostname:

var https = require('https')
var options = {
  hostname: 'YOUR HOSTNAME WITHOUT HTTPS',
  port: 443,
  method: 'GET',
  secureProtocol: "TLSv1_method"
}

https.request(options, res => {
  let body = ''
  res.on('data', d => body += d)
  res.on('end', () => {
    data = JSON.parse(body)
    console.log('SSL Version: ' + data.tls_version)
  })
}).on('error', err => {
  // This gets called if a connection cannot be established.
  console.warn(err)
}).end()
4 Likes

Thank you @denyhs :slight_smile: