Forum Discussion

Kaloyan's avatar
Kaloyan
Icon for Cirrus rankCirrus
Mar 17, 2020
Solved

Certain Cipher suites are not shown in ssl server test

Hi, I am running version 15.1.0. I configured client-ssl profile with cipher group as I need to enable TLSv1.3 The cipher group has a rule which enables certain cipher suites only: TLSv1_3:ECDHE_E...
  • Kaloyan's avatar
    Mar 17, 2020

    Yes, they are properly assigned. When I change the CIpher rule which is:

    TLSv1_3:ECDHE_ECDSA+AES-GCM:ECDHE+AES-GCM:ECDHE+AES:ECDHE_ECDSA+CHACHA20-POLY1305:ECDHE+CHACHA20-POLY1305:!DHE+AES-GCM:!TLSv1:!TLSv1_1:!ECDHE+AES:@STRENGTH

     

    I see differencies when checking the ciphers but only ECDHE_ECDSA are not visible into the ssllabs.

    I even tried with openssl and sslscan tools via linux and didn't saw it as well....

    I just found out the reason. The certificate is created as RSA. which means :

    RSA: Specifies that the key is based on the RSA public key encryption algorithm.              

    So no ECDSA will be presented even allowed in the cipher suite....