Deutsch | English

[Ach] Current bettercrypto.org cipher list (apache) and https://www.ssllabs.com/ssltest

Torge Riedel torgeriedel at gmx.de
Wed Nov 12 20:15:59 CET 2014


Hi,

just update my apache configuration to latest cipher list of bettercrypto.org and checked the server using https://www.ssllabs.com/ssltest

I get a report: "The server does not support Forward Secrecy with the reference browsers."

Beneath "Handshake simulation" most reference browsers show a "TLS_DHE_RSA..." cipher, following reference browsers do not use FS:


BingBot Dec 2013   		TLS 1.0 	TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   No FS 	256
IE 6 / XP   	   				Protocol or cipher suite mismatch 	Fail
IE 7 / Vista 	   		TLS 1.0 	TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   No FS 	256
IE 8 / XP   					Protocol or cipher suite mismatch 	Fail
IE 8-10 / Win 7  		TLS 1.0 	TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   No FS 	256
IE 11 / Win 7   		TLS 1.2 	TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   No FS 	256
IE Mobile 10 / Win Phone 8.0 	TLS 1.0 	TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   No FS 	256
IE Mobile 11 / Win Phone 8.1 	TLS 1.2 	TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   No FS 	256

Is there something missing in the cipher list?

Seems to affect IE in most cases, which is not so important to me, cause I'm a Linux user. But this is interesting.

Regards
Torge



More information about the Ach mailing list
Kontakt
Email: reports@cert.at
Tel.: +43 1 5056416 78
mehr ...
Warnungen
mehr ...
Blog
mehr ...
Jahresbericht 2017
Ein Resumee zur digitalen Sicherheitslage in Österreich

(HTML, PDF).
Letzte Änderung: 2018/5/28 - 15:00:00
Haftungsausschluss / Datenschutzerklärung