AnsweredAssumed Answered

Incorrect "sorted by strength; the server has no preference" if only one cipher suite is supported

Question asked by Adm Selec on Dec 15, 2014

Noticed recently that if a server supports only one cipher suite, SSL Labs shows "sorted by strength; the server has no preference". I assume it is impossible to check server preference in such cases, because it is not explicitly stated to any clients.

 

SSL Server test - how can you determine the server preferred cipher order / smtp support

As for the cipher order test: we first determine all available suites, then we submit as many requests as there are suites, and note the order in which the suites are picked by the server.

 

SSL Labs report:

 

ApacheSSL-004.png

 

The real configuration:

 

ApacheSSL-003.png

 

Rather than checking for cipher order, shouldn't it be just "Cipher Suite" with single "Suite" noun and without any clarifications?

Outcomes