Hi Petro,
1. We plan to start HTTP2 support from v14.4P10, which is planned to be out in Q2 2021.
2. You can disable TLS and ciphers via ssl settings in global objects.
3. Regarding pen tests failing, I suggest moving to the latest LTS version or v14, as several fixes were in this area.
Thanks,
Michael.
------------------------------
Michael Sorin
------------------------------
Original Message:
Sent: 02-02-2021 13:19
From: Petro Deruha
Subject: Protect the site ssllabs F and HTTP2
Good afternoon, I'm an SEO site optimizer for unian.ua and we have a site protected by your software.
Unfortunately, when checking the site on ssllabs, the result of the site test shows F.
Also, to speed up the site, we really need the server to work on HTTP2.
Our system administrators say that your software does not support the http2 security service and that you can't set up to get an A or A result when checking the domain on the ssllabs service.
The speed of the site and its protection are very important for us, as we are a news site, but it is very sad that the site with your protection cannot work on HTTP2 and you cannot disable TLS 1.0 and TLS 1.1.
And when checking, it shows F.
As is
This server is vulnerable to the Zombie POODLE vulnerability. Grade set to F.
This server is vulnerable to the GOLDENDOODLE vulnerability. Grade set to F.
This server is vulnerable to the OpenSSL 0-Length vulnerability. Grade set to F
I ask you to tell us how system administrators should set this up correctly, or where to read in the documentation, so that the site meets the requirements to protect people.
Or we can be protected by cloudflare :(
I really hope that our system administrators simply have not set something up correctly.
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Petro Deruha
------------------------------