I have several questions about the priority order of the server-side cipher suites detected during a Qualys SSL Server scan.
a - How does Qualys detect the server-side priority of the cipher suites? What is the detection algorithm?
b - In an SSL/TLS negotiation, how is the cipher negotiated? I think: 1 - when the client connects, it sends the list of ciphers it supports in order of preference; 2 - then, from this list, the server chooses according to its own priority (its preference list). Can you confirm?
c - And the last question, after the following finding in a test case:
1 - On the client side, here is the configuration of the cipher priority:
2 - On the server side, here is the configuration of the cipher priority (do not worry about the robustness of the suites here, it's just a test):
3 - The cipher selected after negotiation is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (6th in the client-side priority, 9th in the server-side priority). Do you have an explanation?!
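Added example, not part of the original post and not Qualys' code: a small Python model of the selection rule asked about in (b) and of the probing technique a scanner can use for (a), namely offering the same suites in two opposite orders (same answer both times means the server imposes its own order) and then rebuilding the server's order by repeatedly removing the suite it just chose. The cipher lists are constructed sample data, not the poster's configuration, and `negotiate`, `make_server`, `detect_server_preference` and `recover_server_order` are names chosen here for illustration.

```python
"""
Model of TLS cipher-suite selection plus a scanner-style probe of the server's
cipher-order policy. All suite lists are constructed sample data.
"""
from typing import Callable, List, Optional

# Constructed sample preference lists (not the poster's configuration).
CLIENT_ORDER = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",   # client's favourite; server lacks it
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",      # client's least preferred common suite
]
SERVER_ORDER = [
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",      # server's favourite
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",           # server-only, never negotiable here
]

# A "server" is anything that takes a ClientHello suite list and returns its choice.
Server = Callable[[List[str]], Optional[str]]


def negotiate(client_order: List[str], server_order: List[str],
              server_preference: bool = True) -> Optional[str]:
    """Pick the suite a server would put in its ServerHello.

    server_preference=True  -> walk the server's list and take the first suite
                               the client also offered (Apache SSLHonorCipherOrder
                               on, nginx ssl_prefer_server_ciphers on).
    server_preference=False -> walk the client's list and take the first suite
                               the server supports.
    Returns None when the lists share nothing (handshake_failure alert).
    """
    if server_preference:
        offered = set(client_order)
        return next((s for s in server_order if s in offered), None)
    supported = set(server_order)
    return next((s for s in client_order if s in supported), None)


def make_server(server_order: List[str], server_preference: bool) -> Server:
    """Wrap a server configuration as a callable ClientHello -> chosen suite."""
    return lambda client_hello: negotiate(client_hello, server_order, server_preference)


def detect_server_preference(server: Server, suites: List[str]) -> str:
    """Offer the same suites forwards and backwards and compare the answers.

    Same choice both times  -> the server enforces its own order ('server').
    Different choices       -> the server follows the client's order ('client').
    If only one suite is common the two probes agree under either policy, which
    is why a scanner offers its whole catalogue; 'unknown' means no common suite.
    """
    forward = server(suites)
    backward = server(list(reversed(suites)))
    if forward is None or backward is None:
        return "unknown"
    return "server" if forward == backward else "client"


def recover_server_order(server: Server, suites: List[str]) -> List[str]:
    """Reconstruct the server's preference order among the offered suites.

    Offer everything, record the choice, drop it from the offer, repeat until
    the server refuses. Meaningful only when detect_server_preference() says
    'server'; a client-preference server simply echoes the offer's order.
    """
    remaining = list(suites)
    order: List[str] = []
    while remaining:
        chosen = server(remaining)
        if chosen is None:
            break
        order.append(chosen)
        remaining.remove(chosen)
    return order


if __name__ == "__main__":
    strict = make_server(SERVER_ORDER, server_preference=True)
    lenient = make_server(SERVER_ORDER, server_preference=False)
    print("server-preference host picks:", strict(CLIENT_ORDER))
    print("client-preference host picks:", lenient(CLIENT_ORDER))
    print("detected policy:", detect_server_preference(strict, CLIENT_ORDER))
    print("recovered server order:", recover_server_order(strict, CLIENT_ORDER))
```

With `server_preference=True` the suite's position in the client's list is irrelevant: the server returns the first entry of its own list that the client also offered, so a suite that sits last in the client's list can still win. The model deliberately ignores what a real server also checks before accepting a suite, such as the negotiated protocol version, the certificate's key type and the elliptic curves the client offered, any of which can make the effective order differ from the configured one.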