http://bugzilla.opensuse.org/show_bug.cgi?id=902781
--- Comment #5 from Sebastian K ---
big big thx for implementing support for PFS Matthew! :-)
still, the default encryption method selected by the servers is RC4-SHA if
supported. this is also checked by ssllabs.com under Handshake Simulation with
different browsers (see screenshot
http://prohtmeyhet.de/uploads/opensuse-ssl.png). for example you can see that
with Firefox 32 RC4 is selected (if that firefox supports/enables RC4):
Firefox 32 / OS X R TLS 1.0 TLS_RSA_WITH_RC4_128_SHA (0x5)
you can test this yourself (also on your test servers) with sslscan from
https://github.com/rbsec/sslscan (see Preferred Server Cipher(s)):
--------------------------------------------
./sslscan www.suse.com
Version: 1.9.7-rbsec-10-gb730ff2
OpenSSL 1.0.1i-fips 6 Aug 2014
OpenSSL version does not support SSLv2
SSLv2 ciphers will not be detected
Testing SSL server www.suse.com on port 443
TLS renegotiation:
Secure session renegotiation supported
TLS Compression:
Compression disabled
Heartbleed:
TLS 1.0 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.2 not vulnerable to heartbleed
Supported Server Cipher(s):
Accepted SSLv3 256 bits DHE-RSA-AES256-SHA
Accepted SSLv3 256 bits AES256-SHA
Accepted SSLv3 128 bits DHE-RSA-AES128-SHA
Accepted SSLv3 128 bits AES128-SHA
Accepted SSLv3 128 bits RC4-SHA
Accepted SSLv3 128 bits RC4-MD5
Accepted SSLv3 112 bits EDH-RSA-DES-CBC3-SHA
Accepted SSLv3 112 bits DES-CBC3-SHA
Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 128 bits RC4-SHA
Accepted TLSv1.0 128 bits RC4-MD5
Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1.0 112 bits DES-CBC3-SHA
Preferred Server Cipher(s):
SSLv3 128 bits RC4-SHA
TLSv1.0 128 bits RC4-SHA
SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048
--
You are receiving this mail because:
You are on the CC list for the bug.