Re: Problem with SSL certificate TLS_RSA_WITH_AES_128_CBC_SHA

Aaron Dietz Thu, 15 Mar 2018 01:59:06 -0700

I ran a analyze with sslyze.
I explizitly allowed
supportedProtocols: [TLSv1, TLSv1.1, TLSv1.2]
      supportedCipherSuites: [TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, 
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, 
TLS_RSA_WITH_AES_256_CBC_SHA]
in the config yaml.
It seems like the config is simply ignored.


Results:

SCAN RESULTS FOR *OLD_VERSION*:8443
--------------------------------------------------------------

* TLSV1_2 Cipher Suites:
      Forward Secrecy                    OK - Supported
      RC4                                OK - Not Supported

    Preferred:
       None - Server followed client cipher suite preference.
    Accepted:
       TLS_RSA_WITH_AES_128_CBC_SHA                      -              128 
bits
       TLS_RSA_WITH_AES_128_CBC_SHA256                   -              128 
bits
       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256             ECDH-256 bits  128 
bits
       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                ECDH-256 bits  128 
bits

* TLSV1_1 Cipher Suites:
      Forward Secrecy                    OK - Supported
      RC4                                OK - Not Supported

    Preferred:
       None - Server followed client cipher suite preference.
    Accepted:
       TLS_RSA_WITH_AES_128_CBC_SHA                      -              128 
bits
       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                ECDH-256 bits  128 
bits

* TLSV1 Cipher Suites:
      Forward Secrecy                    OK - Supported
      RC4                                OK - Not Supported

    Preferred:
       None - Server followed client cipher suite preference.
    Accepted:
       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                ECDH-256 bits  128 
bits
       TLS_RSA_WITH_AES_128_CBC_SHA                      -              128 
bits


SCAN RESULTS FOR *NEW_VERSION*:18443
---------------------------------------------------------------

* TLSV1_1 Cipher Suites:
     Server rejected all cipher suites.

* TLSV1 Cipher Suites:
     Server rejected all cipher suites.

* TLSV1_2 Cipher Suites:
      Forward Secrecy                    OK - Supported
      RC4                                OK - Not Supported

    Preferred:
       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256             ECDH-256 bits  128 
bits
    Accepted:
       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256             ECDH-256 bits  128 
bits
       TLS_RSA_WITH_AES_128_CBC_SHA256                   -              128 
bits

-- 
You received this message because you are subscribed to the Google Groups 
"dropwizard-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Re: Problem with SSL certificate TLS_RSA_WITH_AES_128_CBC_SHA

Reply via email to