[Ach] Current bettercrypto.org cipher list (apache) and https://www.ssllabs.com/ssltest

Torge Riedel torgeriedel at gmx.de
Thu Nov 13 06:56:32 CET 2014


Am 12.11.2014 um 23:48 schrieb Aaron Zauner:
> Hi Torge,
>
> Torge Riedel wrote:
>> Beneath "Handshake simulation" most reference browsers show a
>> "TLS_DHE_RSA..." cipher, following reference browsers do not use FS:
>>
>>
>> BingBot Dec 2013           TLS 1.0     TLS_RSA_WITH_AES_256_CBC_SHA
>> (0x35)   No FS     256
>> IE 6 / XP                          Protocol or cipher suite mismatch
>> Fail
>> IE 7 / Vista                TLS 1.0     TLS_RSA_WITH_AES_256_CBC_SHA
>> (0x35)   No FS     256
>> IE 8 / XP                       Protocol or cipher suite mismatch     Fail
>> IE 8-10 / Win 7          TLS 1.0     TLS_RSA_WITH_AES_256_CBC_SHA
>> (0x35)   No FS     256
>> IE 11 / Win 7           TLS 1.2     TLS_RSA_WITH_AES_256_CBC_SHA
>> (0x35)   No FS     256
>> IE Mobile 10 / Win Phone 8.0     TLS 1.0
>> TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   No FS     256
>> IE Mobile 11 / Win Phone 8.1     TLS 1.2
>> TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   No FS     256
>>
>> Is there something missing in the cipher list?
>>
> Yes and No. We excluded ECDSA. Until yesterday Microsoft did not Ship
> ciphersuites with forward secrecy using RSA. This has now been fixed in
> recent versions of Microsoft products.
>
> Aaron
>
Cool,
thank you for your explanation.

Torge



More information about the Ach mailing list