AnsweredAssumed Answered

SSL Labs scan shows Browser Handshake with cipher suite not offered

Question asked by David Hubbard on Jun 3, 2015
Latest reply on Jun 3, 2015 by David Hubbard

Hi

 

I have a site showing an "A" rating on SSL Labs - having applied some changes for logjam which includes turning RC4 off

 

In the Handshake section for IE 8 is showing as:

 

IE 8 / XP   No FS 1      No SNI 2   TLS 1.0     TLS_RSA_WITH_RC4_128_SHA (0x5)   No FS   RC4     128

 

i.e. with an RC4 cipher suite

 

However the cipher suites offered do not include this cipher suite - how is IE8 (or the simulator for it) able to do this? am I missing something?

 

Those showing as available are:

 

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   ECDH 256 bits (eq. 3072 bits RSA)   FS   128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH 256 bits (eq. 3072 bits RSA)   FS   256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 2048 bits (p: 256, g: 1, Ys: 256)   FS   128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 2048 bits (p: 256, g: 1, Ys: 256)   FS   256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH 256 bits (eq. 3072 bits RSA)   FS   128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH 256 bits (eq. 3072 bits RSA)   FS   128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   ECDH 256 bits (eq. 3072 bits RSA)   FS   256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH 256 bits (eq. 3072 bits RSA)   FS   256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)   DH 2048 bits (p: 256, g: 1, Ys: 256)   FS   128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 2048 bits (p: 256, g: 1, Ys: 256)   FS   128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   DH 2048 bits (p: 256, g: 1, Ys: 256)   FS   256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 2048 bits (p: 256, g: 1, Ys: 256)   FS   256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88)   DH 2048 bits (p: 256, g: 1, Ys: 256)   FS   256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84256
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45)   DH 2048 bits (p: 256, g: 1, Ys: 256)   FS   128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa112

Outcomes