AnsweredAssumed Answered

Java 6u45 Forward Secrecy?

Question asked by Zoltán Halassy on Aug 27, 2013
Latest reply on Sep 3, 2013 by Zoltán Halassy

According to this test:

 

https://www.ssllabs.com/ssltest/analyze.html?d=www.gondtalanul.hu

 

This site does not provide FS to a Java 6u45 client. I tried to find out what kind of ciphers it supports, and I checked this list:

 

http://docs.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider

 

This list shows supported ciphers which are higher on the server's list, like TLS_ECDHE_RSA_WITH_RC4_128_SHA.

 

 

SSL_RSA_WITH_RC4_128_SHA is listed sooner in the client but the server preferred order should choose a cipher with FS.

 

Do I read the wrong documentation or misinterpret it? Or is there some kind of bug in SSL Test?

 

 

Outcomes