AnsweredAssumed Answered

Bing seems to be modified the cipherlist it uses

Question asked by Zoltán Halassy on Dec 4, 2013
Latest reply on Dec 10, 2013 by Ivan Ristić

Hello!

 

It seems back in October Bing used different ciphers than it uses now.

 

https://www.ssllabs.com/ssltest/viewClient.html?name=Bing&version=Oct%202013

 

shows the old list.

 

But if you search for the "SSL/TLS Capabilities of Your Browser" page ( https://www.ssllabs.com/ssltest/viewMyClient.html ) on bing:

 

http://www.bing.com/search?q=https%3A%2F%2Fwww.ssllabs.com%2Fssltest%2FviewMyClient.html

 

The first hit will be the client test page, and using the dropdown menu right to the green url can bring us to the cached page of it, which will actually show the Bing crawler cipherlist when it last updated the cached content of the page.

 

At the moment this gives us the following link (cache made at 11/21/2013):

 

http://cc.bingj.com/cache.aspx?q=https%3a%2f%2fwww.ssllabs.com%2fssltest%2fviewMyClient.html&d=4645025535831264&mkt=en-ww&setlang=en-US&w=bkgOozhbHh5AUGjUeUQ6DnIH2M-M4Fif

 

The main changes are:

- weak ciphers got removed

- ECDHE ciphers got added

- SNI support seems to be absent now (?)

Outcomes