AnsweredAssumed Answered

Same cipher suites but different order

Question asked by Raymond CC on Mar 27, 2014
Latest reply on Mar 27, 2014 by Raymond CC

Hello,

 

I would like to use the cipher suites that CloudFlare uses which is:

 

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!CAMELLIA

 

https://support.cloudflare.com/hc/en-us/articles/200933580-What-cipher-suites-does-CloudFlare-use-for-SSL-

 

However the test results are a bit different. Compare:

1. https://www.ssllabs.com/ssltest/analyze.html?d=cloudflare.com&s=198.41.212.157

2. https://www.ssllabs.com/ssltest/analyze.html?d=raymond.cc

 

Firstly the cipher order is a bit different.

For Cloudflare, TLS_RSA_WITH_RC4_128_SHA and TLS_RSA_WITH_RC4_128_SHA are stated under "Suites used only for BEAST mitigation (TLS 1.0 and earlier)".

While my server, the two above ciphers are in order 2 and 5.

 

Secondly, the handshake simulation is different for Safari 6 and 7 that uses TLS 1.2.

CloudFlare uses TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA while my server uses TLS_ECDHE_RSA_WITH_RC4_128_SHA.

 

My web server is running LiteSpeed. Could that be the cause of this difference?

Outcomes