I would like to understand why Qualys is identifying this SSL ciphersuite as weak: TLS_RSA_WITH_AES_256_GCM_SHA384. I am aware of the Bleichenbacher Weak Oracle attack. There are implementations of the ciphersuite that are weak/deficient and many others that are not. The deficient implementations need to be identified and patched. This is not the same as having an algorithmic design weakness. It is a software bug.
Hi
cause these are static ciphers which do not support FS.
As well these chiphers will be not supported by TLS 1.3 anymore
BR,
Rob