AnsweredAssumed Answered

Wrong info re:IE 8 compatibility in cert check?

Question asked by tvaldez on May 1, 2018
Latest reply on May 2, 2018 by Rob Moss

On this results page: SSL Server Test (Powered by Qualys SSL Labs)  is the following section:

# Not simulated clients (Protocol mismatch)
Android 2.3.7   No SNI 2Protocol mismatch (not simulated)
Android 4.0.4Protocol mismatch (not simulated)
Android 4.1.1Protocol mismatch (not simulated)
Android 4.2.2Protocol mismatch (not simulated)
Android 4.3Protocol mismatch (not simulated)
Baidu Jan 2015Protocol mismatch (not simulated)
IE 6 / XP   No FS 1   No SNI 2Protocol mismatch (not simulated)
IE 7 / VistaProtocol mismatch (not simulated)
IE 8 / XP   No FS 1   No SNI 2Protocol mismatch (not simulated)
IE 8-10 / Win 7  RProtocol mismatch (not simulated)
IE 10 / Win Phone 8.0Protocol mismatch (not simulated)
Java 6u45   No SNI 2Protocol mismatch (not simulated)
Java 7u25Protocol mismatch (not simulated)
OpenSSL 0.9.8yProtocol mismatch (not simulated)
Safari 5.1.9 / OS X 10.6.8Protocol mismatch (not simulated)
Safari 6.0.4 / OS X 10.8.4  RProtocol mismatch (not simulated)
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).
ll) Certificate trust is not checked in handshake simulation, we only perform TLS handshake.

 

And on this page It shows that my IE 8 actually supports TLS 1.2 under Windows 7 64-bit:

 

Qualys SSL Labs - Projects / SSL Client Test

SSL/TLS Capabilities of Your Browser
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; Tablet PC 2.0; InfoPath.3; MDDRJS)
Protocol Support
Your user agent has good protocol support.
Your user agent supports TLS 1.2, which is recommended protocol version at the moment.
I am running Windows Server 2016 with SSL 2.0, SSL 3.0, and TLS 1.0 all disabled. And I can browse our website just fine in IE 8 under Windows 7 64-bit. So why is the handshake info on the Cert Test page not able to test that?

Outcomes