Failed to communicate with the secure server on freedomstore.barclaycard.co.uk

Question asked by Evan Hood on Aug 7, 2015
Latest reply on Aug 7, 2015 by Ivan Ristić

freedomstore.barclaycard.co.uk

 

Production SSLLabs gives: Assessment failed: Failed to communicate with the secure server

Dev SSLLabs gives: Assessment failed: Unexpected failure [RenegotiationTest]: Exception: Unexpected failure [RenegotiationTest]: Connection failed

 

I can't see any reasons why. Other tests I've done:

 

Browsers connect fine. Latest Chrome uses TLSv1.2 with RSA-AES128-SHA

 

SSLDecoder.org - works but ONLY if you don't enumerate cipher suites (failed to connect if you try enumeration), but it also thinks TLSv1.2 is not supported, when it clearly is.

https://ssldecoder.org/results/saved.freedomstorebarclaycardcouk.1438974092.bb59dae1de364f4e26c1f1bc2a39f353.html

 

Comodo gives: Error -12: Unable to establish an SSL connection

 

SSL-tools works and shows TLSv1.2 and 1.0 support:

freedomstore.barclaycard.co.uk - SSL / HTTPS Check · SSL-Tools

 

SSLyze connects and gives:

SCAN RESULTS FOR FREEDOMSTORE.BARCLAYCARD.CO.UK:443 - 157.83.104.61:443

-----------------------------------------------------------------------

Unhandled exception when processing --compression:

utils.SSLyzeSSLConnection.SSLHandshakeRejected - TLS / Unexpected EOF

  * Session Renegotiation:

      Client-initiated Renegotiations:   VULNERABLE - Server honors client-initiated renegotiations

      Secure Renegotiation:              OK - Supported

 

  * Certificate - Content:

      SHA1 Fingerprint:                  5839af54672474d0a0b9be5ac7c335c78dfb47ac

      Common Name:                       freedomstore.barclaycard.co.uk

      Issuer:                            Symantec Class 3 EV SSL CA - G3

      Serial Number:                     65767F73BFA548F24C0F096BB6EAFC5B

      Not Before:                        Apr  1 00:00:00 2015 GMT

      Not After:                         Apr  5 23:59:59 2017 GMT

      Signature Algorithm:               sha256WithRSAEncryption

      Public Key Algorithm:              rsaEncryption

      Key Size:                          2048 bit

      Exponent:                          65537 (0x10001)

      X509v3 Subject Alternative Name:   {'DNS': ['freedomstore.barclaycard.co.uk']}

 

  * Certificate - Trust:

      Hostname Validation:               OK - Subject Alternative Name matches

      Mozilla NSS CA Store (04/2015):    OK - Certificate is trusted

      Microsoft CA Store (04/2015):      OK - Certificate is trusted

      Java 6 CA Store (Update 65):       OK - Certificate is trusted

      Apple CA Store (OS X 10.10.3):     OK - Certificate is trusted

      Certificate Chain Received:        ['freedomstore.barclaycard.co.uk', 'Symantec Class 3 EV SSL CA - G3']

 

  * Certificate - OCSP Stapling:

      NOT SUPPORTED - Server did not send back an OCSP response.

 

  * OpenSSL Heartbleed:

      OK - Not vulnerable to Heartbleed 

 

  * Session Resumption:

      With Session IDs:                  PARTIALLY SUPPORTED (3 successful, 1 failed, 1 errors, 5 total attempts). Try --resum_rate.

        ERROR #1: SSLHandshakeRejected - TLS / Unexpected EOF

      With TLS Session Tickets:          NOT SUPPORTED - TLS ticket not assigned.

 

  * SSLV2 Cipher Suites:

      Server rejected all cipher suites.

 

  * TLSV1_2 Cipher Suites:

      Preferred:                      

                 AES128-SHA256                 -              128 bits      HTTP 200 OK                       

      Accepted:                       

                 AES256-SHA256                 -              256 bits      HTTP 200 OK                       

                 AES128-SHA256                 -              128 bits      HTTP 200 OK                       

                 DES-CBC3-SHA                  -              112 bits      HTTP 200 OK                       

 

  * TLSV1_1 Cipher Suites:

      Server rejected all cipher suites.

 

  * SSLV3 Cipher Suites:

      Server rejected all cipher suites.

 

  * TLSV1 Cipher Suites:

      Preferred:                      

                 AES128-SHA                    -              128 bits      HTTP 200 OK                       

      Accepted:                       

                 AES256-SHA                    -              256 bits      HTTP 200 OK                       

                 AES128-SHA                    -              128 bits      HTTP 200 OK                       

                 DES-CBC3-SHA                  -              112 bits      HTTP 200 OK                       
