Just being inquisitive, I was checking the security of other 2 exchanges. Why do they drastically fail the test, though they are using https both ?
unocoin.com (198.199.115.242)
https://www.ssllabs.com/ssltest/analyze.html?d=unocoin.com Experimental: This server is vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224) and exploitable. Grade set to F.Wow a new bug identified in OpenSSL a week ago
https://access.redhat.com/site/articles/904433SSLlabs says the bug identification method they are using is experimental. But will surely look into fixing the issue.
Thanks for reporting.
Is not it something the HTTPS issuing authority supposed to take care ?
It seems to be related to updating of OpenSSL. Not something issuing authority take care of.
Yeah that was it. Unocoin.com is good now.
What to do for this OpenSSL update ? Care to share ?
I just used an online guide - not exactly sure of the commands i used. But i believe they are these:
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install openssl libssl-dev
apt-cache policy openssl libssl-dev