AnsweredAssumed Answered

Does the Handshake Simulation consider Root Certs?

Question asked by Matthias Wächter on Oct 15, 2015
Latest reply on Oct 15, 2015 by Matthias Wächter

… or just the cipher and the limits of RSA key length?

 

Reason for asking: I don’t know whether a highly secure server with support for just TLS 1.2, AEAD ciphers, and a perfect SHA-2/3-only certification path #1, benefits from sending out a fallback intermediate certificate to an alternate, old RSA SHA-1 root certificate for certification path #2.

 

Or, from the other direction, do you maintain a list of standard Root CAs and their support in various browsers, or vice versa? The browser support page, e.g. Qualys SSL Labs - Projects / User Agent Capabilities: Android 4.0.4 doesn’t give any clue about that.

Outcomes