
TLS 1.1/1.2 detection issue in SSL Server Test

Question asked by mk-fg on May 10, 2014
Latest reply on May 12, 2014 by mk-fg

Host in question is 188.226.62.174 (fraggod.net), port 443, should be up.

SSL Server Test shows that neither TLS 1.1 nor TLS 1.2 is supported there, which seems to be incorrect.

nginx (1.4.5, openssl 1.0.1g) there is configured with "ssl_protocols TLSv1.2 TLSv1.1 TLSv1;", but is sitting behind haproxy (tcp mode with "tcp-request inspect-delay 2s", not terminating tls) that probably delays connections a little bit.

"openssl s_client -tls1_2 -connect 188.226.62.174:443" and browsers (e.g. FF 31.0a2) can (and do) use TLS 1.2 there, which I've also confirmed in pcap dumps.

So the test results seem to be unexpected and seem to offer no explanation as to why that's a solid "No" with the protocols actually enabled and used by other tools.

If it's indeed a valid result (i.e. 1.2 is enabled, but somehow broken), maybe a more visible explanation or a third alternative to the binary "Yes/No" would help.

Thanks for the nice tool/service.
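
The "third alternative to binary Yes/No" suggested in the post above, as an added example (not part of the original post and not SSL Server Test's own code): a per-version probe that reports "inconclusive" when the peer stalls or the transport fails, and "no" only when the peer answers and the handshake fails. The names `probe` and `local_listener`, the timeout values and the loopback peers are assumptions constructed for the demo.

```python
import socket
import ssl
import threading

def probe(host, port, version, timeout=5.0):
    """Offer exactly one TLS version; return 'yes', 'no' or 'inconclusive'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # testing protocol support, not the certificate
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # keep local policy from vetoing TLS 1.0/1.1
    ctx.minimum_version = ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "yes"          # handshake completed at the pinned version
    except socket.timeout:
        return "inconclusive"         # no answer in time: a slow path, not a refusal
    except ssl.SSLError:
        return "no"                   # peer answered and the handshake failed
    except OSError:
        return "inconclusive"         # refused/reset/unreachable: transport problem

def local_listener(reply=None):
    """Constructed loopback peer: accepts one connection, reads the ClientHello,
    then stays silent (reply=None) or answers with non-TLS bytes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)
        if reply is None:
            threading.Event().wait(3)  # stall longer than the probe timeout
        else:
            conn.sendall(reply)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    v12 = ssl.TLSVersion.TLSv1_2
    print("stalled peer:", probe("127.0.0.1", local_listener(), v12, timeout=1.0))
    print("non-TLS peer:", probe("127.0.0.1", local_listener(b"not tls at all\r\n"), v12, timeout=1.0))
```

Against a real server behind a delaying proxy, a timeout comfortably above the proxy's inspection delay keeps a slow handshake from being reported as unsupported.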
