AnsweredAssumed Answered

Requirements for being labeled as vulnerable to Robot

Question asked by roj4ck on Dec 18, 2017
Latest reply on Dec 20, 2017 by Bhushan Lokhande

I've been utilizing the DevSSLLabs.com site as well as the Robot Checker website to determine whether or not pages are vulnerable to Robot.  From what I read and understood websites that start with TLS_RSA are vulnerable to Robot. I stumbled across a website that appears like this shows up as not having any Robot vulnerabilities despite every single cipher beginning with TLS_RSA:

TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)128
TLS_RSA_WITH_SEED_CBC_SHA (0x96)128

TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)

 

 

I assume I am missing something here that would prevent a site like this from being marked as being vulnerable to Robot.  What else is a determining factor on SSL Labs from being marked as vulnerable?

Outcomes