[Ach] Current bettercrypto.org cipher list (apache) and https://www.ssllabs.com/ssltest
Torge Riedel
torgeriedel at gmx.de
Wed Nov 12 20:15:59 CET 2014
Hi,
just update my apache configuration to latest cipher list of bettercrypto.org and checked the server using https://www.ssllabs.com/ssltest
I get a report: "The server does not support Forward Secrecy with the reference browsers."
Beneath "Handshake simulation" most reference browsers show a "TLS_DHE_RSA..." cipher, following reference browsers do not use FS:
BingBot Dec 2013 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
IE 6 / XP Protocol or cipher suite mismatch Fail
IE 7 / Vista TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
IE 8 / XP Protocol or cipher suite mismatch Fail
IE 8-10 / Win 7 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
IE 11 / Win 7 TLS 1.2 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
IE Mobile 10 / Win Phone 8.0 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
IE Mobile 11 / Win Phone 8.1 TLS 1.2 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
Is there something missing in the cipher list?
Seems to affect IE in most cases, which is not so important to me, cause I'm a Linux user. But this is interesting.
Regards
Torge
More information about the Ach
mailing list