AnsweredAssumed Answered

„Handshake Simulation“ sometimes buggy/incorrect

Question asked by EPnWRdw Ln on Jan 25, 2014
Latest reply on Jan 25, 2014 by EPnWRdw Ln

Hi

 

See for example https://www.ssllabs.com/ssltest/analyze.html?d=fancyssl.hboeck.de

The server fancyssl.hboeck.de only provides support for AES+GCM (see notes on http://fancynossl.hboeck.de/ ) and Section „cipher suites“ is correct about detecting that:

 

Cipher Suites (SSL 3+ suites in server-preferred order, then SSL 2 suites where used)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)                                                ECDH 256 bits (eq. 3072 bits RSA)   FS 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)                  DH 4096 bits (p: 512, g: 1, Ys: 512)   FS 256

 

 

But „Handshake simulation“ tells me this:

Handshake Simulation
BingBot Dec 2013   No SNI 2 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)           FS 256
BingPreview Dec 2013 Protocol or cipher suite mismatch Fail3
Chrome 32 / Win 7  R Protocol or cipher suite mismatch Fail3
Firefox 24.2.0 ESR / Win 7 Protocol or cipher suite mismatch Fail3
Firefox 26 / Win 8  R Protocol or cipher suite mismatch Fail3
Firefox 27 Beta / Win 8  R Protocol or cipher suite mismatch Fail3
Googlebot Oct 2013 Protocol or cipher suite mismatch Fail3
IE 6 / XP   No FS 1   No SNI 2 Protocol or cipher suite mismatch Fail3
IE 7 / Vista Protocol or cipher suite mismatch Fail3
IE 8 / XP   No FS 1   No SNI 2 TLS 1.0 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)           No FS 112
IE 8-10 / Win 7  R Protocol or cipher suite mismatch Fail3
IE 11 / Win 7  R Protocol or cipher suite mismatch Fail3
IE 11 / Win 8.1  R Protocol or cipher suite mismatch Fail3
Java 6u45   No SNI 2 Client does not support DH parameters > 1024 bits Fail3
Java 7u25 Protocol or cipher suite mismatch Fail3
OpenSSL 0.9.8y Protocol or cipher suite mismatch Fail3
OpenSSL 1.0.1e TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)           FS 256
Safari 5.1.9 / OS X 10.6.8 Protocol or cipher suite mismatch Fail3
Safari 6 / iOS 6.0.1  R Protocol or cipher suite mismatch Fail3
Safari 6.0.4 / OS X 10.8.4  R Protocol or cipher suite mismatch Fail3
Safari 7 / OS X 10.9  R Protocol or cipher suite mismatch Fail3
Tor 17.0.9 / Win 7 Protocol or cipher suite mismatch Fail3
Yahoo Slurp Oct 2013 Protocol or cipher suite mismatch Fail3

Which is obvously wrong.

Outcomes