Forum Discussion
Kaloyan
Cirrus
CirrusCertain Cipher suites are not shown in ssl server test
Hi, I am running version 15.1.0. I configured client-ssl profile with cipher group as I need to enable TLSv1.3 The cipher group has a rule which enables certain cipher suites only: TLSv1_3:ECDHE_E...
Yes, they are properly assigned. When I change the CIpher rule which is:
TLSv1_3:ECDHE_ECDSA+AES-GCM:ECDHE+AES-GCM:ECDHE+AES:ECDHE_ECDSA+CHACHA20-POLY1305:ECDHE+CHACHA20-POLY1305:!DHE+AES-GCM:!TLSv1:!TLSv1_1:!ECDHE+AES:@STRENGTH
I see differencies when checking the ciphers but only ECDHE_ECDSA are not visible into the ssllabs.
I even tried with openssl and sslscan tools via linux and didn't saw it as well....
I just found out the reason. The certificate is created as RSA. which means :
RSA: Specifies that the key is based on the RSA public key encryption algorithm.
So no ECDSA will be presented even allowed in the cipher suite....
KaloyanCirrus
CirrusYes, they are properly assigned. When I change the CIpher rule which is:
TLSv1_3:ECDHE_ECDSA+AES-GCM:ECDHE+AES-GCM:ECDHE+AES:ECDHE_ECDSA+CHACHA20-POLY1305:ECDHE+CHACHA20-POLY1305:!DHE+AES-GCM:!TLSv1:!TLSv1_1:!ECDHE+AES:@STRENGTH
I see differencies when checking the ciphers but only ECDHE_ECDSA are not visible into the ssllabs.
I even tried with openssl and sslscan tools via linux and didn't saw it as well....
I just found out the reason. The certificate is created as RSA. which means :
RSA: Specifies that the key is based on the RSA public key encryption algorithm.
So no ECDSA will be presented even allowed in the cipher suite....
Evergrim
Altocumulus
AltocumulusThanks a lot... spent the whole day on the same issue. Sometimes it is that easy 😄