AnsweredAssumed Answered

How does Qualys determine the server Cipher Suites?

Question asked by Michael Yip on Mar 28, 2018
Latest reply on Mar 29, 2018 by Robert Dell'Immagine

Updates

Does Qualys use "nmap --script ssl-cert,ssl-enum-ciphers -p 443,465,993,995 <target>" to obtain a list of cipher suites on the target server? The output from this command for cipher suites are different than the output from openssl command. Notice the discrepancies?

...

| ssl-enum-ciphers:
|   TLSv1.1
|     Ciphers (19)
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
|       TLS_DHE_RSA_WITH_SEED_CBC_SHA
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA
|       TLS_RSA_WITH_AES_256_CBC_SHA
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
|       TLS_RSA_WITH_IDEA_CBC_SHA
|       TLS_RSA_WITH_RC4_128_MD5
|       TLS_RSA_WITH_RC4_128_SHA
|       TLS_RSA_WITH_SEED_CBC_SHA
|     Compressors (1)
|       uncompressed
|   TLSv1.2
|     Ciphers (31)
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
|       TLS_DHE_RSA_WITH_SEED_CBC_SHA
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA
|       TLS_RSA_WITH_AES_128_CBC_SHA256
|       TLS_RSA_WITH_AES_128_GCM_SHA256
|       TLS_RSA_WITH_AES_256_CBC_SHA
|       TLS_RSA_WITH_AES_256_CBC_SHA256
|       TLS_RSA_WITH_AES_256_GCM_SHA384
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
|       TLS_RSA_WITH_IDEA_CBC_SHA
|       TLS_RSA_WITH_RC4_128_MD5
|       TLS_RSA_WITH_RC4_128_SHA
|       TLS_RSA_WITH_SEED_CBC_SHA
|     Compressors (1)
|_      uncompressed

...

 

 

Original Question

Recently I made changes to openssl on the server to support only TLS 1.1 and 1.2 with explicit protocols. The test did recognize that only these 2 protocols are supported. However the cipher suites Qualys displayed is different that that the server reported here.

 

Here is what the server said it supports.

 

tls1_1: ECDHE-RSA-AES256-SHA

tls1_1: DHE-RSA-AES256-SHA

tls1_1: DHE-RSA-CAMELLIA256-SHA

tls1_1: AES256-SHA

tls1_1: CAMELLIA256-SHA

tls1_1: ECDHE-RSA-AES128-SHA

tls1_1: DHE-RSA-AES128-SHA

tls1_1: DHE-RSA-CAMELLIA128-SHA

tls1_1: AES128-SHA

tls1_1: CAMELLIA128-SHA

 

tls1_2: ECDHE-RSA-AES256-GCM-SHA384

tls1_2: ECDHE-RSA-AES256-SHA384

tls1_2: ECDHE-RSA-AES256-SHA

tls1_2: DHE-RSA-AES256-GCM-SHA384

tls1_2: DHE-RSA-AES256-SHA256

tls1_2: DHE-RSA-AES256-SHA

tls1_2: DHE-RSA-CAMELLIA256-SHA

tls1_2: AES256-GCM-SHA384

tls1_2: AES256-SHA256

tls1_2: AES256-SHA

tls1_2: CAMELLIA256-SHA

tls1_2: ECDHE-RSA-AES128-GCM-SHA256

tls1_2: ECDHE-RSA-AES128-SHA256

tls1_2: ECDHE-RSA-AES128-SHA

tls1_2: DHE-RSA-AES128-GCM-SHA256

tls1_2: DHE-RSA-AES128-SHA256

tls1_2: DHE-RSA-AES128-SHA

tls1_2: DHE-RSA-CAMELLIA128-SHA

tls1_2: AES128-GCM-SHA256

tls1_2: AES128-SHA256

tls1_2: AES128-SHA

tls1_2: CAMELLIA128-SHA

 

Here is what Qualys reported. How is that possible?

 

Cipher Suites
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH secp256r1 (eq. 3072 bits RSA)   FS256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   ECDH secp256r1 (eq. 3072 bits RSA)   FS256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp256r1 (eq. 3072 bits RSA)   FS256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 2048 bits   FS256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   DH 2048 bits   FS256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 2048 bits   FS256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88)   DH 2048 bits   FS256
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)   WEAK256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)   WEAK256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   ECDH secp256r1 (eq. 3072 bits RSA)   FS128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH secp256r1 (eq. 3072 bits RSA)   FS128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp256r1 (eq. 3072 bits RSA)   FS128
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 2048 bits   FS128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)   DH 2048 bits   FS128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 2048 bits   FS128
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45)   DH 2048 bits   FS128
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   WEAK128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)   WEAK128
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)   ECDH secp256r1 (eq. 3072 bits RSA)   FS   WEAK112
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)   DH 2048 bits   FS   WEAK112
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   WEAK112
TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x9a)   DH 2048 bits   FS128
TLS_RSA_WITH_SEED_CBC_SHA (0x96)   WEAK128
TLS_RSA_WITH_IDEA_CBC_SHA (0x7)   WEAK128
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)   ECDH secp256r1 (eq. 3072 bits RSA)   FS   INSECURE128
TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE128
TLS_RSA_WITH_RC4_128_MD5 (0x4)   INSECURE128
# TLS 1.1 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp256r1 (eq. 3072 bits RSA)   FS256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 2048 bits   FS256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88)   DH 2048 bits   FS256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)   WEAK256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp256r1 (eq. 3072 bits RSA)   FS128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 2048 bits   FS128
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45)   DH 2048 bits   FS128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)   WEAK128
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)   ECDH secp256r1 (eq. 3072 bits RSA)   FS   WEAK112
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)   DH 2048 bits   FS   WEAK112
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   WEAK112
TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x9a)   DH 2048 bits   FS128
TLS_RSA_WITH_SEED_CBC_SHA (0x96)   WEAK128
TLS_RSA_WITH_IDEA_CBC_SHA (0x7)   WEAK128
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)   ECDH secp256r1 (eq. 3072 bits RSA)   FS   INSECURE128
TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE128
TLS_RSA_WITH_RC4_128_MD5 (0x4)   INSECURE128

Outcomes