HTTP-6710 - Not giving any details what needs to be fixed

[daniejstriata]

Describe the bug I have a server running Nginx. Lynis detects an issue (HTTP-6710) but looking through the lynis.log and lynis-report.log I cannot see what failed to have triggered the finding.

Version

• Amazon Linux 2
• Lynis version [ Lynis 3.0.8 ]

Expected behavior Provide a reason why HTTP-6710 triggered

Output

→  /usr/local/lynis/lynis  show details HTTP-6710 
2022-07-04 08:30:26 Performing test ID HTTP-6710 (Check nginx SSL configuration settings)
2022-07-04 08:30:26 Result: SSL is configured in nginx on one or more virtual hosts
2022-07-04 08:30:26 Hardening: assigned maximum number of hardening points for this item (5). Currently having 206 points (out of 244)
2022-07-04 08:30:26 Result: one or more parts of the nginx configuration could be enhanced regarding SSL
2022-07-04 08:30:26 Suggestion: Change the HTTPS and SSL settings for enhanced protection of sensitive data and privacy [test:HTTP-6710] [details:-] [solution:-]
2022-07-04 08:30:26 ====

Looking at the lynis-report.log I see nothing flagging in there up to the point where it prints that there is a finding.

[konstruktoid]

I agree it's vague, can you use https://www.ssllabs.com/ssltest/ against your server and see what it recommends?

[daniejstriata]

This site gets an A+