AnsweredAssumed Answered

IE Handshake Simulation: proposed Curves

Question asked by Bernd Eckenfels on Nov 6, 2014
Latest reply on Nov 7, 2014 by Bernd Eckenfels

Hello,

 

I was playing around with different IIS configurations in order to understand how the ECDHE ciphers with the Curve parameters interact. I had set up an IIS with ECDHE_RSA_*_P521 and ECDHE_RSA_*_P384 and RSA*. When running the handshake simulation it was reporting that it is not using the FS ciphers with IE. When I added the ECDHE_RSA_*_P256 it used it.

 

So I wonder what curves the qualsys scanner proposes? When I look at my Win7 IE11 it will honor the ciphers configured with gpedit.msc, but it seems to never propose the P521 curve. But it does propose the secp384r1. If your scanner maybe only proposing secp256r1 and if yes, is this conformant to some IE settings or just an overseight?

 

Greetings

Bernd

Outcomes