How To Test SSL Configurations With testssl.sh

Spread the love
(Last Updated On: March 8, 2018)

Is your current SSL Configuration secure enough? Is you https site rejecting old clients? Here comes a great tool called testssl.sh. It’s a bash script, developed by drwetter on Github, to test SSL Configurations

Enabling SSL for your site is a great idea overall. However, navigate around the multitude of SSL Configurations available for Apache and nginx is quite daunting. What’s best? What’s most secure? Are you privileging compatibility against security? testssl will help you decide what’s best for your site.

 

[callout type=”info” size=”lg”]

Pre-Requisite: OpenSSL

I will assume that you already have an up-to-date, secure OpenSSL version. If unsure, upgrade OpenSSL first (Debian/Ubuntu command):

sudo apt-get install --only-upgrade openssl
# openssl is already the newest version (1.1.0g-2.1+ubuntu16.04.1+deb.sury.org+1).

[/callout]

For an overview of how to generate SSL Configuration for Apache and nginx automatically, check this post on Mozilla SSL Configuration Generator.

[callout type=”warning” size=”lg”]

Last minute discovery

Since version 2.9, testssl is packaged with static OpenSSL binaries used for the tests. Therefore, your system OpenSSL version has no connection whatsoever with the test results. Having an up-to-date version it is still important though.

[/callout]

Install testssl on Debian/Ubuntu 12-17

testssl comes packaged with Debian. However the last stable version for your release may not be be up-to-date. Bellow is the proof that you should NOT install testssl.sh with your packager:

[tabs type=”tabs”]
[tab title=”Install it” active=”true”]

sudo apt-get -y install testssl.sh

[/tab]
[tab title=”launch it”]

testssl yourdomain.com

[/tab]
[tab title=”log”]

[code scrollable=”true”]

###########################################################
testssl 2.6 from https://testssl.sh/
(1.379B 2015/09/25 12:35:41)

This program is free software. Distribution and
modification under GPLv2 permitted.
USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

Please file bugs @ https://testssl.sh/bugs/

###########################################################

Using “OpenSSL 1.1.0g 2 Nov 2017” [~143 ciphers] on
web-scav-01:/usr/bin/openssl
(built: “reproducible build, date unspecified”, platform: “debian-amd64”)

Testing now (2018-03-06 16:11) —> real.ip.address:443 (yourdomain.com) <—

rDNS (real.ip.address): your-iaas-provider.domain.com.
Service detected: HTTP

–> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)

SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 offered
TLS 1.1 offered
TLS 1.2 offered (OK)
SPDY/NPN Local problem: /usr/bin/openssl doesn’t support SPDY/NPN

–> Testing ~standard cipher lists

Null Ciphers not offered (OK)
Anonymous NULL Ciphers not offered (OK)
Anonymous DH Ciphers not offered (OK)
40 Bit encryption Local problem: No 40 Bit encryption configured in /usr/bin/openssl
56 Bit encryption Local problem: No 56 Bit encryption configured in /usr/bin/openssl
Export Ciphers (general) Local problem: No Export Ciphers (general) configured in /usr/bin/openssl
Low (<=64 Bit) Local problem: No Low (<=64 Bit) configured in /usr/bin/openssl
DES Ciphers Local problem: No DES Ciphers configured in /usr/bin/openssl
Medium grade encryption not offered (OK)
Triple DES Ciphers Local problem: No Triple DES Ciphers configured in /usr/bin/openssl
High grade encryption offered (OK)

–> Testing (perfect) forward secrecy, (P)FS — omitting 3DES, RC4 and Null Encryption here

PFS is offered (OK) ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA

–> Testing server preferences

Has server cipher order? yes (OK)
Negotiated protocol TLSv1.2
Negotiated cipher ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH
Cipher order
TLSv1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA AES128-SHA AES256-SHA
TLSv1.1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA AES128-SHA AES256-SHA
TLSv1.2: ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA
Local problem: /usr/bin/openssl doesn’t support SPDY/NPN

–> Testing server defaults (Server Hello)

TLS server extensions server name, renegotiation info, EC point formats, status request
Session Tickets RFC 5077 (none)
Server key size 2048 bit
Signature Algorithm SHA256 with RSA
Fingerprint / Serial SHA1 437F1FA12994BD3CAC6FF721707AC0D8B256C321 / 03FBB1AEEAC5BF0118F06B6EB1B4AF90DD19
SHA256 E625819E734F6372E9B98A35946A7A5E923130C63D586D319F23B0EEB0E744C0
Common Name (CN) subject=CN = yourdomain.com (CN in response to request w/o SNI: subject=CN = yourdomain.com)
subjectAltName (SAN) admin.yourdomain.com blog.yourdomain.com cdn.yourdomain.com yourdomain.com www.admin.yourdomain.com www.blog.yourdomain.com www.cdn.yourdomain.com www.yourdomain.com
Issuer issuer=C = US, O = Let’s Encrypt, CN = Let’s Encrypt Authority X3 (issuer=C = US, O = Let’s Encrypt, CN = Let’s Encrypt Authority X3)
EV cert (experimental) no
Certificate Expiration >= 60 days (2018-02-13 16:26 –> 2018-05-14 17:26 -0400)
# of certificates provided 2
Certificate Revocation List
OCSP URI http://ocsp.int-x3.letsencrypt.org
OCSP stapling offered
TLS timestamp random values, no fingerprinting possible

–> Testing HTTP header response @ “/”

HTTP Status Code 301 Moved Permanently, redirecting to “https://www.yourdomain.com/”
HTTP clock skew 0 sec from localtime
Strict Transport Security —
Public Key Pinning —
Server banner nginx/1.10.3 (Ubuntu)
Application banner —
Cookie(s) (none issued at “/”)
Security headers —
Reverse Proxy banner —

–> Testing vulnerabilities

Heartbleed (CVE-2014-0160) not vulnerable (OK) (timed out)
CCS (CVE-2014-0224) not vulnerable (OK)
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) Local problem: /usr/bin/openssl lacks zlib support
BREACH (CVE-2013-3587) no HTTP compression (OK) (only “/” tested)
POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507), experim. Local problem: /usr/bin/openssl lacks TLS_FALLBACK_SCSV support
FREAK (CVE-2015-0204) Local problem: /usr/bin/openssl doesn’t have any EXPORT RSA ciphers configured
LOGJAM (CVE-2015-4000), experimental Local problem: /usr/bin/openssl doesn’t have any DHE EXPORT ciphers configured
BEAST (CVE-2011-3389) no CBC ciphers for TLS1 (OK)
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)

–> Testing all locally available 143 ciphers against the server, ordered by encryption strength

Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits
————————————————————————-
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256
x9f DHE-RSA-AES256-GCM-SHA384 DH 2048 AESGCM 256
xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256
x6b DHE-RSA-AES256-SHA256 DH 2048 AES 256
xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256
x39 DHE-RSA-AES256-SHA DH 2048 AES 256
x9d AES256-GCM-SHA384 RSA AESGCM 256
x3d AES256-SHA256 RSA AES 256
x35 AES256-SHA RSA AES 256
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128
x9e DHE-RSA-AES128-GCM-SHA256 DH 2048 AESGCM 128
xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128
x67 DHE-RSA-AES128-SHA256 DH 2048 AES 128
xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128
x33 DHE-RSA-AES128-SHA DH 2048 AES 128
x9c AES128-GCM-SHA256 RSA AESGCM 128
x3c AES128-SHA256 RSA AES 128
x2f AES128-SHA RSA AES 128

Done now (2018-03-06 16:11) —> real.ip.address:443 (yourdomain.com) <—

[/code]

[/tab]

[tab title=”Uninstall it”]

sudo apt-get -y purge testssl.sh

[/tab]

[/tabs]

[callout type=”warning” size=”lg”]

Warnings you will get

40 Bit encryption Local problem: No 40 Bit encryption configured in /usr/bin/openssl
56 Bit encryption Local problem: No 56 Bit encryption configured in /usr/bin/openssl
Export Ciphers (general) Local problem: No Export Ciphers (general) configured in /usr/bin/openssl
Low (<=64 Bit) Local problem: No Low (<=64 Bit) configured in /usr/bin/openssl
DES Ciphers Local problem: No DES Ciphers configured in /usr/bin/openssl
Triple DES Ciphers Local problem: No Triple DES Ciphers configured in /usr/bin/openssl
Local problem: /usr/bin/openssl doesn't support SPDY/NPN

This means the version of testssl you are using is out-of-date, or incompatible with the OpenSSL version installed. See the next section to know why, and the section after to install the latest dev release.

[/callout]

 

Packaged Versions of testssl are Out-of-date

Let’s see which version of testssl you get for which OS:

So this is why. Unless you upgrade your server to the latest release, you won’t get the latest testssl version.

 

Download the Latest testssl.sh Release

Install and Test

You will need Github to do that, because from version 2.9, testssl comes packaged with some /etc files. You cannot just download and launch the script by itself anymore. This recipe will help you install it on the local user folders under /usr/local/src/.

The following analysis has been done for a site using an intermediate SSL Configuration (TLSv1 + TLSv1.1 + TLSv1.2) generated by Mozilla SSL Configuration Generator. See how it works here: SSL Configuration for Dummies.

[tabs type=”tabs”]
[tab title=”Install it” active=”true”]

# uninstall the package first:
sudo apt-get -y purge testssl.sh

git clone --depth 1 https://github.com/drwetter/testssl.sh.git /usr/local/src/testssl.sh
ln -s /usr/local/src/testssl.sh/testssl.sh /usr/local/bin/testssl

[/tab]
[tab title=”launch it”]

testssl yourdomain.com

[/tab]
[tab title=”log”]

[code scrollable=”true”]

###########################################################
testssl 2.9dev from https://testssl.sh/dev/

This program is free software. Distribution and
modification under GPLv2 permitted.
USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

Please file bugs @ https://testssl.sh/bugs/

###########################################################

Using “OpenSSL 1.0.2-chacha (1.0.2i-dev)” [~183 ciphers]
on web-scav-01:/usr/local/src/testssl.sh/bin/openssl.Linux.x86_64
(built: “Jun 22 19:32:29 2016”, platform: “linux-x86_64”)

Start 2018-03-07 16:46:13 –>> real.ip.address:443 (yourdomain.com) <<–

rDNS (real.ip.address): your-iaas-provider.domain.com.
Service detected: HTTP

Testing protocols via sockets except NPN+ALPN

SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 offered
TLS 1.1 offered
TLS 1.2 offered (OK)
TLS 1.3 not offered
NPN/SPDY h2, http/1.1 (advertised)
ALPN/HTTP2 h2, http/1.1 (offered)

Testing cipher categories

NULL ciphers (no encryption) not offered (OK)
Anonymous NULL Ciphers (no authentication) not offered (OK)
Export ciphers (w/o ADH+NULL) not offered (OK)
LOW: 64 Bit + DES encryption (w/o export) not offered (OK)
Weak 128 Bit ciphers (SEED, IDEA, RC[2,4]) not offered (OK)
Triple DES Ciphers (Medium) offered
High encryption (AES+Camellia, no AEAD) offered (OK)
Strong encryption (AEAD ciphers) offered (OK)

Testing robust (perfect) forward secrecy, (P)FS — omitting Null Authentication/Encryption, 3DES, RC4

PFS is offered (OK) ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA
Elliptic curves offered: prime256v1

Testing server preferences

Has server cipher order? yes (OK)
Negotiated protocol TLSv1.2
Negotiated cipher ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Cipher order
TLSv1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA AES128-SHA AES256-SHA DES-CBC3-SHA
TLSv1.1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA AES128-SHA AES256-SHA DES-CBC3-SHA
TLSv1.2: ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA
DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA
AES256-SHA DES-CBC3-SHA

Testing server defaults (Server Hello)

TLS extensions (standard) “server name/#0” “renegotiation info/#65281” “EC point formats/#11” “status request/#5” “heartbeat/#15” “next protocol/#13172” “application layer protocol negotiation/#16”
Session Ticket RFC 5077 hint (no lifetime advertised)
SSL Session ID support yes
Session Resumption Tickets: yes, ID: yes
TLS clock skew Random values, no fingerprinting possible
Signature Algorithm SHA256 with RSA
Server key size RSA 2048 bits
Server key usage Digital Signature, Key Encipherment
Server extended key usage TLS Web Server Authentication, TLS Web Client Authentication
Serial / Fingerprints 03FBB1AEEAC5BF0118F06B6EB1B4AF90DD19 / SHA1 437F1FA12994BD3CAC6FF721707AC0D8B256C321
SHA256 E625819E734F6372E9B98A35946A7A5E923130C63D586D319F23B0EEB0E744C0
Common Name (CN) yourdomain.com
subjectAltName (SAN) admin.yourdomain.com blog.yourdomain.com cdn.yourdomain.com yourdomain.com www.admin.yourdomain.com www.blog.yourdomain.com www.cdn.yourdomain.com www.yourdomain.com
Issuer Let’s Encrypt Authority X3 (Let’s Encrypt from US)
Trust (hostname) Ok via SAN and CN (same w/o SNI)
Chain of trust Ok
EV cert (experimental) no
Certificate Validity (UTC) 67 >= 30 days (2018-02-13 16:26 –> 2018-05-14 17:26)
# of certificates provided 2
Certificate Revocation List —
OCSP URI http://ocsp.int-x3.letsencrypt.org
OCSP stapling offered
OCSP must staple extension —
DNS CAA RR (experimental) not offered
Certificate Transparency —

Testing HTTP header response @ “/”

HTTP Status Code 301 Moved Permanently, redirecting to “https://www.yourdomain.com/”
HTTP clock skew 0 sec from localtime
Strict Transport Security —
Public Key Pinning —
Server banner nginx/1.10.3 (Ubuntu)
Application banner —
Cookie(s) (none issued at “/”) — maybe better try target URL of 30x
Security headers —
Reverse Proxy banner —

Testing vulnerabilities

Heartbleed (CVE-2014-0160) not vulnerable (OK), timed out
CCS (CVE-2014-0224) not vulnerable (OK)
Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK), no session ticket extension
ROBOT not vulnerable (OK)
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) no HTTP compression (OK) – only supplied “/” tested
POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)
SWEET32 (CVE-2016-2183, CVE-2016-6329) VULNERABLE, uses 64 bit block ciphers
FREAK (CVE-2015-0204) not vulnerable (OK)
DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)
make sure you don’t use this certificate elsewhere with SSLv2 enabled services
https://censys.io/ipv4?q=E625819E734F6372E9B98A35946A7A5E923130C63D586D319F23B0EEB0E744C0 could help you to find out
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no common primes detected
BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA AES128-SHA AES256-SHA DES-CBC3-SHA
VULNERABLE — but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)
LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)

Testing 364 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength

Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
—————————————————————————————————————————–
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
x9f DHE-RSA-AES256-GCM-SHA384 DH 2048 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
x6b DHE-RSA-AES256-SHA256 DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
x39 DHE-RSA-AES256-SHA DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384
x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256
x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
x9e DHE-RSA-AES128-GCM-SHA256 DH 2048 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
x67 DHE-RSA-AES128-SHA256 DH 2048 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
x33 DHE-RSA-AES128-SHA DH 2048 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256
x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256
x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
xc012 ECDHE-RSA-DES-CBC3-SHA ECDH 256 3DES 168 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
x16 EDH-RSA-DES-CBC3-SHA DH 2048 3DES 168 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA

Running client simulations via sockets

Android 2.3.7 TLSv1.0 DHE-RSA-AES128-SHA, 2048 bit DH
Android 4.1.1 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
Android 4.3 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
Android 4.4.2 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Android 5.0.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Android 6.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Android 7.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Chrome 51 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Chrome 57 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Firefox 49 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Firefox 53 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
IE 6 XP No connection
IE 7 Vista TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
IE 8 XP TLSv1.0 DES-CBC3-SHA
IE 8 Win 7 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
IE 11 Win 7 TLSv1.2 DHE-RSA-AES128-GCM-SHA256, 2048 bit DH
IE 11 Win 8.1 TLSv1.2 DHE-RSA-AES128-GCM-SHA256, 2048 bit DH
IE 11 Win Phone 8.1 Update TLSv1.2 DHE-RSA-AES128-GCM-SHA256, 2048 bit DH
IE 11 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Edge 13 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Edge 13 Win Phone 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Opera 17 Win 7 TLSv1.2 ECDHE-RSA-AES128-SHA256, 256 bit ECDH (P-256)
Safari 5.1.9 OS X 10.6.8 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
Safari 7 iOS 7.1 TLSv1.2 ECDHE-RSA-AES128-SHA256, 256 bit ECDH (P-256)
Safari 9 OS X 10.11 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Safari 10 OS X 10.12 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Apple ATS 9 iOS 9 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Tor 17.0.9 Win 7 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
Java 6u45 No connection
Java 7u25 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
Java 8u31 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
OpenSSL 1.0.1l TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
OpenSSL 1.0.2e TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)

Done 2018-03-07 16:47:17 [ 66s] –>> real.ip.address:443 (yourdomain.com) <<–

[/code]

[/tab]
[/tabs]

ssl test testssl mid conf protocols

No warnings anymore: much better isn’t it?

 

Verify Who Can Still Connect to Your Site

It’s worth noting that this marvelous tool will give you a list of client browsers that can still connect to your site with your current state-of-the-art configuration. Because as stated in the presentation, the more secure you go, the less old browsers will be able to connect.

Report from testssl

For the test above, for instance, most clients are compatible with your cipher-suite. testssl will report some old clients won’t be able to open your site:

_Running client simulations via sockets_
...
Android 7.0 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
Chrome 57 Win 7 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
Firefox 53 Win 7 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
IE 11 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
IE 6 XP No connection
Java 6u45 No connection
...

Report from Qualys

Testing your https site with Qualys SSL Server Test will give you a much more detailed list of clients compatibles with your configuration.

# Not simulated clients (Protocol mismatch):

Android 2.3.7   No SNI 2Protocol mismatch (not simulated)
Android 4.0.4Protocol mismatch (not simulated)
Android 4.1.1Protocol mismatch (not simulated)
Android 4.2.2Protocol mismatch (not simulated)
Android 4.3Protocol mismatch (not simulated)
Baidu Jan 2015Protocol mismatch (not simulated)
IE 6 / XP   No FS 1   No SNI 2Protocol mismatch (not simulated)
IE 7 / VistaProtocol mismatch (not simulated)
IE 8 / XP   No FS 1   No SNI 2Protocol mismatch (not simulated)
IE 8-10 / Win 7  RProtocol mismatch (not simulated)
IE 10 / Win Phone 8.0Protocol mismatch (not simulated)
Java 6u45   No SNI 2Protocol mismatch (not simulated)
Java 7u25Protocol mismatch (not simulated)
OpenSSL 0.9.8yProtocol mismatch (not simulated)
Safari 5.1.9 / OS X 10.6.8Protocol mismatch (not simulated)
Safari 6.0.4 / OS X 10.8.4  RProtocol mismatch (not simulated)
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).
(All) Certificate trust is not checked in handshake simulation, we only perform TLS handshake.

Team Cook

Self-taught IT guy, and Communist slayer for the past 40 years. Who controls the information, controls the future.

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x