cancel
Showing results for 
Search instead for 
Did you mean: 
bornheim
Level 7

Ciphers missing

Hi,

the site https://www.bank-verlag.de/ according to the Qualys SSL test at https://www.ssllabs.com/ssltest/analyze.html?d=bank-verlag.de supports these cipher suites:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

Qualys says this is a perfectly valid cipher suite. Only older OpenSSL libs, Windows XP Clients, Android 2 and Java 6 will be unable to connect.

Unfortunately MWG 7.4.2.6.0 is unable to connect too. There is no match between the cipher suites the OpenSSL lib in MWG supports and the TLS_ECDHE_RSA_* suites because no elliptic curves are compiled into the OpenSSL package.

Could someone please have a look into this?

Kind regards,

Robert

P.S.: the workaround is to tunnel this host. But naturally I would prefer a solution over a workaround. :-)

0 Kudos
6 Replies
McAfee Employee

Re: Ciphers missing

We're working on ECC support. No more details here. If you want more detail send me a PM.

thanks,

Michael

0 Kudos
otruniger
Level 10

Re: Ciphers missing

Hi Michael,

I have to reiterate on this topic. We now have multiple sites supporting EC ciphers only we cannot to anymore without setting up a SSL tunnel. But for some of them it's out of question and therefore impossible to reach like https://www.ricardo.ch. I have opened a ticket with our support partner who will escalate to McAfee.

Will there be a chance to get support for EC on 7.4 or do I have to expect being forced going to 7.5? It's just about planning.

thanks, Othmar

0 Kudos
numark
Level 7

Re: Ciphers missing

Hi Michael, I tried PMing you and it wouldn't let me.

We too are having a similar issue with all websites hosted via cloudflare that require this suite.

Do you have an update on the status of this?

Thanks!

0 Kudos
McAfee Employee

Re: Ciphers missing

You have a message numark.

Michael

0 Kudos
malefunk
Level 7

Re: Ciphers missing

We have also experienced situations with websites only supporting ECDHE. Any News on this topic?

SSL Server Test: set.de (Powered by Qualys SSL Labs)

0 Kudos
McAfee Employee

Re: Ciphers missing

Hello,

for all who are following this thread - we have released support for ECC as part of the MWG 7.5.2 Beta.

thanks,

MIchael

0 Kudos