Hi All,
I am looking in to the ROBOT oracle issue and SSL report. The SSL report for one of my asset lists a vulnerable as i can understand this is because it supports RSA ciphers. The ciphers are weak which is separate issue for.
My question is if i scan the same using using the tool from the ROBOT reference site The ROBOT Attack - Return of Bleichenbacher's Oracle Threat i get the site as clean.
What should i trust now :-)
Thanks,
Gautam
The major difference between the two tests is that SSL Labs supports ROBOT vulnerability test with SNI whereas robotattack.org does not support SNI. You can assume SSL Labs results to be correct in these cases.