Hello all,

I'm working with the ssltest as part of a university project, so I need to dive a little bit deeper into the reasons for the ratings. Any help appreciated.

In particular I wonder about the Handshake Simulation. I got for example:

Chrome 37 / OS X R | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (`0xc02f` ) FS | 128 |

R means I have to improve the result, right? From the user agent page, I gather

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (`0xc02b`

)

is optimal. So far so good. I go to my webserver and have openssl check the configured cipher suites:

ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-RC4-SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1 ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ECDHE-ECDSA-RC4-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128) Mac=SHA1 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1 DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1 ECDH-RSA-RC4-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128) Mac=SHA1 ECDH-ECDSA-RC4-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=RC4(128) Mac=SHA1 RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 KRB5-RC4-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=SHA1

Here is my problem. OpenSSL says Chrome's favorite is actually on place 2, but place 4 is negotiated by the tool. Is my web server not fully utilising OpenSSL? Or does the SSLTest have a bug?

My test server is reachable on cs6231.asuscomm.com if you want to run the test again. Thanks for any suggestions in advance!

To get 100% on key exchange, all keys used in any cipher suite must be at least 4096-bit equivalent RSA. Right now, you're using a 256-bit elliptic curve for your ECDHE suites, which is only equivalent to a 3072-bit RSA key. To get 100% on key exchange, you will need to increase the elliptic curve key length. EC secp384r1 is 384 bits, equivalent to a 7680-bit RSA key.

It is possible to get 100% on Protocol Support if your server only supports TLS 1.2 and no other protocols, but that is not practical for a production web server. You will need to support at least TLS 1.0, 1.1, and 1.2 to remain compatible with almost everything sans Internet Explorer on Windows XP.

See my web server's report for what I consider the most practical and secure configuration that can be attained (provided you're not worried about BEAST). Qualys SSL Labs - Projects / SSL Server Test / thedanzone.net (Exception: I have not implemented HTTP Strict Transport Security on my server because many images are referenced from other sites with plain HTTP. Obviously, for the most secure configuration, HSTS should be implemented.)