6 Replies Latest reply on May 17, 2015 4:23 AM by michael_schneider

    Ciphers missing

    bornheim

      Hi,

       

      the site https://www.bank-verlag.de/ according to the Qualys SSL test at https://www.ssllabs.com/ssltest/analyze.html?d=bank-verlag.de supports these cipher suites:

       

      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

       

      Qualys says this is a perfectly valid cipher suite. Only older OpenSSL libs, Windows XP Clients, Android 2 and Java 6 will be unable to connect.

       

      Unfortunately MWG 7.4.2.6.0 is unable to connect too. There is no match between the cipher suites the OpenSSL lib in MWG supports and the TLS_ECDHE_RSA_* suites because no elliptic curves are compiled into the OpenSSL package.

       

      Could someone please have a look into this?

       

      Kind regards,

      Robert

       

      P.S.: the workaround is to tunnel this host. But naturally I would prefer a solution over a workaround. :-)