Deutsch | English

[Ach] Current bettercrypto.org cipher list (apache) and https://www.ssllabs.com/ssltest

Aaron Zauner azet at azet.org
Wed Nov 12 23:48:49 CET 2014


Hi Torge,

Torge Riedel wrote:
> Beneath "Handshake simulation" most reference browsers show a
> "TLS_DHE_RSA..." cipher, following reference browsers do not use FS:
> 
> 
> BingBot Dec 2013           TLS 1.0     TLS_RSA_WITH_AES_256_CBC_SHA
> (0x35)   No FS     256
> IE 6 / XP                          Protocol or cipher suite mismatch    
> Fail
> IE 7 / Vista                TLS 1.0     TLS_RSA_WITH_AES_256_CBC_SHA
> (0x35)   No FS     256
> IE 8 / XP                       Protocol or cipher suite mismatch     Fail
> IE 8-10 / Win 7          TLS 1.0     TLS_RSA_WITH_AES_256_CBC_SHA
> (0x35)   No FS     256
> IE 11 / Win 7           TLS 1.2     TLS_RSA_WITH_AES_256_CBC_SHA
> (0x35)   No FS     256
> IE Mobile 10 / Win Phone 8.0     TLS 1.0    
> TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   No FS     256
> IE Mobile 11 / Win Phone 8.1     TLS 1.2    
> TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   No FS     256
> 
> Is there something missing in the cipher list?
> 
Yes and No. We excluded ECDSA. Until yesterday Microsoft did not Ship
ciphersuites with forward secrecy using RSA. This has now been fixed in
recent versions of Microsoft products.

Aaron

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20141112/2543270a/attachment.sig>


More information about the Ach mailing list
Kontakt
Email: reports@cert.at
Tel.: +43 1 5056416 78
mehr ...
Warnungen
mehr ...
Blog
mehr ...
Jahresbericht 2017
Ein Resumee zur digitalen Sicherheitslage in Österreich

(HTML, PDF).
Letzte Änderung: 2018/5/28 - 15:00:00
Haftungsausschluss / Datenschutzerklärung