AnsweredAssumed Answered

Bug? SSL Server Test reports that IE6 won't work with my site, however, it does

Question asked by Eric Rosenberry on Aug 18, 2015
Latest reply on Aug 19, 2015 by Ivan Ristić

I have a site that supports the following:

 

TLS1.0, TLS 1.1, TLS 1.2

 

ECDHE-RSA-AES128-GCM-SHA256

ECDHE-RSA-AES128-SHA256

ECDHE-RSA-AES128-SHA

AES128-GCM-SHA256

AES128-SHA256

AES128-SHA

DES-CBC3-SHA

 

(cipher naming above is in NGINX format, which I think is actually OpenSSL format)

 

The SSL Labs SSL Server Test appears to indicate it won't work with IE6 on XP, however, I am using the Browserstack test tool which lets me launch an IE6 instance on XP and it appears to load the site just fine with SSL.  I get the lock icon in the bottom right corner and can click on it to look at the certificate itself.

 

I suspect the test tool assumes it won't work due to my cert being a SHA256 signed cert (vs. SHA-1) although it does appear to work.

 

My guess is that super old XP (like before SP3) won't support SHA256, but clearly more modern XP updates do allow it.

 

I can not see what version of the OS Browserstack is leveraging (since it does not give me access to the Start menu), but I can see that IE version (in Help -> About) is:

 

6.0.3790.3959

Update Versions:; SP2;

 

I figured I would throw this out there since the fact that this tool says IE6 on XP does not work is perhaps somewhat of a misnomer.

 

Incidentally, the above Cipher list is exactly what Amazon.com supports and seems to be quite well thought out.  It provides quite good security (checks nearly every box) but yet still has very good backward compatibility.

 

-Eric

Outcomes