[REGRESSION] Extension intolerant server fails with "Assessment failed: Internal Error" on production and "Assessment failed: No secure protocols supported" on development

[selecadm]

https://www.ssllabs.com/ssltest/analyze.html?d=login.mos.ru

Assessment failed: Internal Error

https://dev.ssllabs.com/ssltest/analyze.html?d=login.mos.ru

Assessment failed: No secure protocols supported

https://sslanalyzer.comodoca.com/?url=login.mos.ru

Error -12: Unable to establish an SSL connection

This is also a regression. Previously there was full report with "TLS extension intolerance Yes". Cipher order was something like this: TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA So none of the clients use RC4, because 3DES is prioritized.

https://ssl-tools.net/webservers/login.mos.ru

The webserver of login.mos.ru can not be reached. Results incomplete PFS not checked DANE missing Heartbleed not checked Poodle not checked

https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp

This server cannot be scanned for the Heartbleed vulnerability. This server cannot be scanned for the Poodle (TLS) vulnerability.

ServerHello:

[selecadm]

Comodo has just successfully tested the server!

[selecadm]

Finally!

"Protocol or cipher suite mismatch" for all clients because of timeout, but it's something! Also failed to detect 3DES (between AES-256 and AES-128) and RC4 (lowest priority) support.

https://www.ssllabs.com/ssltest/analyze.html?d=login.mos.ru

[ivanr]

Just FYI, nothing changed on our end :)

[selecadm]

Significant changes have been made recently: — TLS 1.1 and TLS 1.2 enabled — ECDHE support — root and even pseudo-root removed from the chain

But why are BEAST and POODLE mitigated, if there is the lowest priority for RC4 (below 3DES) and handshake simulation time out?