Forum Discussion
Lidev
MVP
Have you try the same test (openssl s_clien)t but with tls1.2 to see if the result is the same (certificate expired)?
openssl s_client -tls1_2 -connect 20.0.5.25:443
Lidev
Sep 17, 2020MVP
Okay, makes a tcpdump or ssl dump and compares the Ciphers Suites negotiated with the client during the SSL Handshake.
TLS 1.3 has eliminated support for algorithms and ciphers that are practically vulnerable.
- RC4 Stream Cipher
- RSA Key Exchange
- SHA-1 Hash Function
- CBC (Block) Mode Ciphers
- MD5 Algorithm
- Various non-ephemeral Diffie-Hellman groups
- EXPORT-strength ciphers
- DES
- 3DES