naumanshah03
commented
8 months ago Hi @lilyanatia
Could you please share the domain name to investigate this issue?
Regards, Nauman Shah
Open lilyanatia opened 11 months ago
naumanshah03
commented
8 months ago Hi @lilyanatia
Could you please share the domain name to investigate this issue?
Regards, Nauman Shah
lilyanatia
commented
8 months ago Could you please share the domain name to investigate this issue?
the server that I encountered this issue with has been reconfigured to disable AES 128 due to concerns about multi-target attacks.
it should be simple enough for you to set up a test server with the same cipher suites if you care about fixing the bug, but it's no longer my problem.
I have a server that supports the following cipher suites, in this order, with the prefer ChaCha20 setting enabled:
TLS_AES_128_GCM_SHA256 (0x1301) TLS_AES_256_GCM_SHA384 (0x1302) TLS_AES_128_CCM_SHA256 (0x1304) TLS_CHACHA20_POLY1305_SHA256 (0x1303)
SSL Labs shows this incorrect order: TLS_AES_128_GCM_SHA256 (0x1301) TLS_AES_256_GCM_SHA384 (0x1302) TLS_CHACHA20_POLY1305_SHA256 (0x1303) TLS_AES_128_CCM_SHA256 (0x1304)
other tools, such as nmap's ssl-enum-ciphers script, show the correct order.