Forum Discussion
LyonsG_85618 (Cirrostratus), Jun 10, 2014
If I use DEFAULT:!TLSv1_1:!TLSv1_2 I can't see RC4-MD5 ciphers:
tmm --clientciphers 'DEFAULT:!TLSv1_1:!TLSv1_2'
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 5 RC4-SHA 128 SSL3 Native RC4 SHA RSA
1: 5 RC4-SHA 128 TLS1 Native RC4 SHA RSA
2: 47 AES128-SHA 128 SSL3 Native AES SHA RSA
3: 47 AES128-SHA 128 TLS1 Native AES SHA RSA
4: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA
5: 53 AES256-SHA 256 SSL3 Native AES SHA RSA
6: 53 AES256-SHA 256 TLS1 Native AES SHA RSA
7: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA
8: 10 DES-CBC3-SHA 192 SSL3 Native DES SHA RSA
9: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA
10: 10 DES-CBC3-SHA 192 DTLS1 Native DES SHA RSA
11: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 Native AES SHA ECDHE_RSA
12: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA
13: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDHE_RSA
And still get error in log:
SSL Handshake failed for TCP from 172.31.81.95:65417 to 172.31.100.195:443
If I use 'MEDIUM:!TLSv1_1:!TLSv1_2':
tmm --clientciphers 'MEDIUM:!TLSv1_1:!TLSv1_2'
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 4 RC4-MD5 128 SSL3 Native RC4 MD5 RSA
1: 4 RC4-MD5 128 TLS1 Native RC4 MD5 RSA
2: 5 RC4-SHA 128 SSL3 Native RC4 SHA RSA
3: 5 RC4-SHA 128 TLS1 Native RC4 SHA RSA
4: 47 AES128-SHA 128 SSL3 Native AES SHA RSA
5: 47 AES128-SHA 128 TLS1 Native AES SHA RSA
6: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA
7: 51 DHE-RSA-AES128-SHA 128 SSL3 Native AES SHA EDH/RSA
8: 51 DHE-RSA-AES128-SHA 128 TLS1 Native AES SHA EDH/RSA
9: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 Native AES SHA ECDHE_RSA
I can see RC4-MD5 ciphers but get the following in the log:
Jun 10 09:44:48 bipscint2 notice tmm2[13424]: 01260018:5: Connection attempt to insecure SSL server (see RFC5746): 172.31.100.195:443
Jun 10 09:44:48 bipscint2 info tmm2[13424]: 01260013:6: SSL Handshake failed for TCP from 172.31.81.95:65533 to 172.31.100.195:443
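Added example (not part of the original post, and not F5 code): a short Python script that parses `tmm --clientciphers` listings in the layout shown above, reports which suite/protocol pairs only one of two cipher strings offers, and tags RC4, 3DES, MD5 and SSLv3 entries. The sample rows are excerpted from the two listings in the post and renumbered; the function names are this example's own.

```python
import re

# Rows excerpted from the two listings in the post (renumbered, shortened).
DEFAULT_ROWS = """\
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 5 RC4-SHA 128 SSL3 Native RC4 SHA RSA
1: 5 RC4-SHA 128 TLS1 Native RC4 SHA RSA
2: 47 AES128-SHA 128 TLS1 Native AES SHA RSA
3: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA
4: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 Native AES SHA ECDHE_RSA
"""
MEDIUM_ROWS = """\
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 4 RC4-MD5 128 SSL3 Native RC4 MD5 RSA
1: 4 RC4-MD5 128 TLS1 Native RC4 MD5 RSA
2: 5 RC4-SHA 128 TLS1 Native RC4 SHA RSA
3: 47 AES128-SHA 128 TLS1 Native AES SHA RSA
4: 51 DHE-RSA-AES128-SHA 128 TLS1 Native AES SHA EDH/RSA
"""

# Columns: index, suite id, name, bits, protocol, method (ignored), cipher, MAC, key exchange
ROW = re.compile(r"^\s*\d+:\s+(\d+)\s+(\S+)\s+(\d+)\s+(\S+)\s+\S+\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def parse(listing):
    """Map (suite name, protocol) -> row fields; header and blank lines are skipped."""
    rows = {}
    for line in listing.splitlines():
        m = ROW.match(line)
        if m:
            sid, name, bits, prot, cipher, mac, keyx = m.groups()
            rows[(name, prot)] = {"id": int(sid), "bits": int(bits),
                                  "cipher": cipher, "mac": mac, "keyx": keyx}
    return rows

def legacy_flags(key, row):
    """Tag legacy primitives; the listing prints DES in the CIPHER column for DES-CBC3 suites."""
    name, prot = key
    checks = [("RC4", row["cipher"] == "RC4"), ("3DES", "DES-CBC3" in name),
              ("MD5 MAC", row["mac"] == "MD5"), ("SSLv3", prot == "SSL3")]
    return [label for label, hit in checks if hit]

def compare(a, b):
    """Report pairs offered by only one cipher string, plus legacy flags across both."""
    pa, pb = parse(a), parse(b)
    flagged = {k: legacy_flags(k, r) for k, r in {**pa, **pb}.items()}
    return {"only_a": sorted(pa.keys() - pb.keys()),
            "only_b": sorted(pb.keys() - pa.keys()),
            "legacy": {k: v for k, v in flagged.items() if v}}

if __name__ == "__main__":
    for section, value in compare(DEFAULT_ROWS, MEDIUM_ROWS).items():
        print(section, value)
```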
- Cory_50405 (Noctilucent), Jun 10, 2014: If you use cipher string MEDIUM:!TLSv1_1:!TLSV1_2, and set secure renegotiation to 'request', does it work?
- LyonsG_85618 (Cirrostratus), Jun 10, 2014: No, Cory. Still get same error: SSL Handshake failed for TCP from 172.31.81.95:49844 to 172.31.100.195:443
- Cory_50405 (Noctilucent), Jun 10, 2014: Just for the sake of proving it'll work, change the cipher string to ALL and see if that works. If it goes, grab an ssldump and see what ciphers the server supports.
- LyonsG_85618 (Cirrostratus), Jun 10, 2014: Tried that and get same error:
  Connection attempt to insecure SSL server (see RFC5746): 172.31.100.195:443
  SSL Handshake failed for TCP from 172.31.81.95:51593 to 172.31.100.195:443
- Cory_50405 (Noctilucent), Jun 10, 2014: Can you try applying the 'serverssl-insecure-compatible' SSL server profile to your virtual server and see if that works?
- LyonsG_85618 (Cirrostratus), Jun 10, 2014: Cory - thanks. I have tried that too and still get same issue.
- Cory_50405 (Noctilucent), Jun 10, 2014: Does it work if you perform a curl on the webpage? curl -k https://172.31.100.195
- LyonsG_85618 (Cirrostratus), Jun 10, 2014: Yes - curl, openssl etc. all work:
  ~ curl -k https://172.31.100.195
  403 Forbidden
  Forbidden
  You don't have permission to access / on this server.
- Cory_50405 (Noctilucent), Jun 10, 2014: I'm about out of ideas. Has support been of any help?
- LyonsG_85618 (Cirrostratus), Jun 10, 2014: Cory - I know that feeling! Still awaiting support feedback... will post up fix when I get it! Thanks for your help!