Forum Discussion
Certain Cipher suites are not shown in ssl server test
- Mar 17, 2020
Yes, they are properly assigned. When I change the CIpher rule which is:
TLSv1_3:ECDHE_ECDSA+AES-GCM:ECDHE+AES-GCM:ECDHE+AES:ECDHE_ECDSA+CHACHA20-POLY1305:ECDHE+CHACHA20-POLY1305:!DHE+AES-GCM:!TLSv1:!TLSv1_1:!ECDHE+AES:@STRENGTH
I see differencies when checking the ciphers but only ECDHE_ECDSA are not visible into the ssllabs.
I even tried with openssl and sslscan tools via linux and didn't saw it as well....
I just found out the reason. The certificate is created as RSA. which means :
RSA: Specifies that the key is based on the RSA public key encryption algorithm.
So no ECDSA will be presented even allowed in the cipher suite....
Hi Kaloyan,
It looks like ECDHE-ECDSA is not yet implemented on the Qualys SSL Labs test.
REF - https://discussions.qualys.com/thread/19431-tlsv13-and-ecdsa-not-tested
Have you tried with other SSL scan sites?
https://observatory.mozilla.org/ or https://tls.imirhil.fr/
Regards
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com