
questioning changes in ssl test results

Question asked by Christine Ross on Sep 18, 2014
Latest reply on Sep 18, 2014 by Ivan Ristić

Hello.

 

I have an Apache openssl site that was tested by your testing process in 2012.  At that time it reported these 2 lines (in addition to others).

 

TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   168

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)   DH 1024 bits (p: 128, g: 1, Ys: 128)   168

I have not changed my openssl.conf file for the supported Cipher Strings.  The base version of openssl is still 0.9.7d with patches for security vulnerabilities.

 

Today if you run the scan on the same site, it reports those as 112.

TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   112

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS   112

I understand that the 112 is to prevent the meet-in-the-middle attack (if I am describing that correctly).

Why is there a change in what is being reported here please?  Did the tool upgrade to report it differently please?

 

Thank you very much.
