[Ach] Current bettercrypto.org cipher list (apache) and https://www.ssllabs.com/ssltest
Torge Riedel
torgeriedel at gmx.de
Thu Nov 13 06:56:32 CET 2014
Am 12.11.2014 um 23:48 schrieb Aaron Zauner:
> Hi Torge,
>
> Torge Riedel wrote:
>> Beneath "Handshake simulation" most reference browsers show a
>> "TLS_DHE_RSA..." cipher, following reference browsers do not use FS:
>>
>>
>> BingBot Dec 2013 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA
>> (0x35) No FS 256
>> IE 6 / XP Protocol or cipher suite mismatch
>> Fail
>> IE 7 / Vista TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA
>> (0x35) No FS 256
>> IE 8 / XP Protocol or cipher suite mismatch Fail
>> IE 8-10 / Win 7 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA
>> (0x35) No FS 256
>> IE 11 / Win 7 TLS 1.2 TLS_RSA_WITH_AES_256_CBC_SHA
>> (0x35) No FS 256
>> IE Mobile 10 / Win Phone 8.0 TLS 1.0
>> TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
>> IE Mobile 11 / Win Phone 8.1 TLS 1.2
>> TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
>>
>> Is there something missing in the cipher list?
>>
> Yes and No. We excluded ECDSA. Until yesterday Microsoft did not Ship
> ciphersuites with forward secrecy using RSA. This has now been fixed in
> recent versions of Microsoft products.
>
> Aaron
>
Cool,
thank you for your explanation.
Torge
More information about the Ach
mailing list