AnsweredAssumed Answered

Assessment failed on TLS 1.2 server

Question asked by steve on Mar 4, 2011
Latest reply on Mar 4, 2011 by Ivan Ristić

The server test fails when nothing but TLS 1.1 or TLS 1.2 are enabled:

 

Assessment failed: Server chose unsupported or disabled protocol: Unknown-3.3

 

While not providing TLS 1.0 restricts compatibility to a very limited set of browsers (Opera 10/11 and MSIE on Vista / Windows 7 as far as I know), it can be acceptable for a private server, where only a handful people have access, possibly further restricted by client certificate authentication.

 

The above browsers of course connect just fine to the TLS 1.2-only daemon.

 

 

Furthermore, it'll be helpful if tests could be limited to the hostname provided. i.e. if I enter host.mydomain.com, I don't want to automatically scan www.host.mydomain.com, which may be hosted somewhere else or where I don't own a matching certificate.

Outcomes