[Ach] Current bettercrypto.org cipher list (apache) and https://www.ssllabs.com/ssltest
Aaron Zauner
azet at azet.org
Wed Nov 12 23:48:49 CET 2014
Hi Torge,
Torge Riedel wrote:
> Beneath "Handshake simulation" most reference browsers show a
> "TLS_DHE_RSA..." cipher, following reference browsers do not use FS:
>
>
> BingBot Dec 2013 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA
> (0x35) No FS 256
> IE 6 / XP Protocol or cipher suite mismatch
> Fail
> IE 7 / Vista TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA
> (0x35) No FS 256
> IE 8 / XP Protocol or cipher suite mismatch Fail
> IE 8-10 / Win 7 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA
> (0x35) No FS 256
> IE 11 / Win 7 TLS 1.2 TLS_RSA_WITH_AES_256_CBC_SHA
> (0x35) No FS 256
> IE Mobile 10 / Win Phone 8.0 TLS 1.0
> TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
> IE Mobile 11 / Win Phone 8.1 TLS 1.2
> TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
>
> Is there something missing in the cipher list?
>
Yes and No. We excluded ECDSA. Until yesterday Microsoft did not Ship
ciphersuites with forward secrecy using RSA. This has now been fixed in
recent versions of Microsoft products.
Aaron
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20141112/2543270a/attachment.sig>
More information about the Ach
mailing list