Closed selecadm closed 9 years ago
Comodo has just successfully tested the server!
Finally!
"Protocol or cipher suite mismatch" for all clients because of timeout, but it's something! Also failed to detect 3DES (between AES-256 and AES-128) and RC4 (lowest priority) support.
Just FYI, nothing changed on our end :)
Significant changes have been made recently: — TLS 1.1 and TLS 1.2 enabled — ECDHE support — root and even pseudo-root removed from the chain
But why are BEAST and POODLE mitigated, if there is the lowest priority for RC4 (below 3DES) and handshake simulation time out?
https://www.ssllabs.com/ssltest/analyze.html?d=login.mos.ru
https://dev.ssllabs.com/ssltest/analyze.html?d=login.mos.ru
https://sslanalyzer.comodoca.com/?url=login.mos.ru
This is also a regression. Previously there was full report with "TLS extension intolerance Yes". Cipher order was something like this: TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA So none of the clients use RC4, because 3DES is prioritized.
https://ssl-tools.net/webservers/login.mos.ru
https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp
ServerHello: