AnsweredAssumed Answered

RC4-MD5 and no forward secrecy gets an "A"

Question asked by jms703 on Nov 15, 2013
Latest reply on Nov 19, 2013 by Rob_T

Why does this configuration get an "A"?

 

 

Secure RenegotiationSupported
Secure Client-Initiated RenegotiationNo
Insecure Client-Initated RenegotiationNo
BEAST attackMitigated server-side (more info)                     SSL 3: 0x4, TLS 1.0: 0x4
TLS compressionNo
RC4Yes   NOT DESIRABLE (more info)
Forward SecrecyNo   NOT DESIRABLE (more info)
Next Protocol NegotiationNo
Session resumptionYes
Session ticketsNo
OCSP staplingNo
Strict Transport SecurityNo
Long handshake intoleranceNo
TLS extension intoleranceNo
TLS version intolerance TLS 1.2  TLS 1.3                     TLS 1.98                     TLS 2.98  PROBLEMATIC
SSL 2 handshake compatibilityNo

 

 

 

Cipher Suites

 

TLS_RSA_WITH_RC4_128_MD5 (0x4) 128
TLS_RSA_WITH_RC4_128_SHA (0x5) 128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 168
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128

Outcomes