Whex

Odd detection mismatch

Discussion created by Whex on Oct 20, 2014
Latest reply on Oct 21, 2014 by Ivan Ristić

https://www.ssllabs.com/ssltest/analyze.html?d=lab-duckad-ex3.uoregon.edu&hideResults=on

 

Windows 2008 R2 (IIS 7.5)

IIS Crypto 1.4 Build 5 lists:

*  TLS 1.0, 1.1, and 1.2 as being enabled

*  TLS 1.2 cipher suites enabled (e.g. 0xC027 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 0xC028 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)

 

The odd stuff:

1) The SSL Labs tester results show 0xC027 and 0xC028 on individual clients, but not in the server suite list.

2) TLS 1.2 is not listed as enabled in the protocol section, but is listed in the client handshake section (e.g. Android 4.4.2).

 

Running the following...

openssl s_client -connect lab-duckad-ex3.uoregon.edu:443 -tls1_2

 

...results in a successful connection, with the following snippet:

 

SSL-Session:

    Protocol  : TLSv1.2

    Cipher    : ECDHE-RSA-AES256-SHA384

 

 

Any idea why the tester shows conflicting results?

 

 

Thanks,

Whex
