Windows 2008 R2 (IIS 7.5)
IIS Crypto 1.4 Built 5 lists:
* TLS 1.0, 1.1, and 1.2 as being enabled
* TLS 1.2 Cipher suites enabled (e.g. 0xC027 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 0xC028 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (
The odd stuff:
1) The SSL Labs tester results show 0xC027 and 0xC028 on individual clients, but not in the server suite list.
2) TLS 1.2 is not listed as enabled in the protocol section, but is listed in the client handshake section (e.g. Android 4.4.2).
Running the following...
openssl s_client -connect lab-duckad-ex3.uoregon.edu:443 -tls1_2
...results in a successful connection, with the following snippet:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-SHA384
Any idea why the tester shows conflicting results?