Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Phase out ciphers not always detected #1325

Open
baknu opened this issue Mar 12, 2024 · 2 comments
Open

Phase out ciphers not always detected #1325

baknu opened this issue Mar 12, 2024 · 2 comments
Assignees
@mxsasha
Labels
bug Unexpected or unwanted behaviour of current implementations
Milestone
tls-update

Comments

@baknu
Copy link
Contributor

baknu commented Mar 12, 2024

Exchange Online currently seems to support several 'phase out' ciphers (see list below). However, at the moment Internet.nl does not seem to detect these.

'AES256-GCM-SHA384 (TLS_RSA_WITH_AES_256_GCM_SHA384)', 
'AES256-SHA256 (TLS_RSA_WITH_AES_256_CBC_SHA256)', 
'AES256-SHA (TLS_RSA_WITH_AES_256_CBC_SHA)', 
'AES128-GCM-SHA256 (TLS_RSA_WITH_AES_128_GCM_SHA256)', 
'AES128-SHA256 (TLS_RSA_WITH_AES_128_CBC_SHA256)', 
'AES128-SHA (TLS_RSA_WITH_AES_128_CBC_SHA)'

This will probably get fixed via #1218 .
@baknu baknu added the bug Unexpected or unwanted behaviour of current implementations label Mar 12, 2024
@baknu baknu added this to the v1.9 milestone Mar 12, 2024
@mxsasha mxsasha modified the milestones: v1.9, tls-update Mar 12, 2024
@mxsasha
Copy link
Collaborator

mxsasha commented Mar 12, 2024

Note that testssl confirms they are enabled, and they're not exactly obscure ciphers, so it's a surprise our current production does not detect them.

@dennisbaaten
Copy link
Contributor

dennisbaaten commented Oct 28, 2024
edited
Loading

This issue is still open, but I noticed in this test result that the cipher AES256-GCM-SHA384 was detected as 'phase out'.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mxsasha mxsasha

Labels
bug Unexpected or unwanted behaviour of current implementations
Milestone
tls-update
Development

No branches or pull requests
3 participants
@mxsasha @baknu @dennisbaaten