KM74-Goanna CERTS+CIPHERS (Cypher):
In some cases even KM74-Goanna throws such an awful
"Error code: ssl_error_
no_cypher_overlap"
Right now here:
https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
Mozilla is one of those 'random' sites which mostly work but not always. It even has happened in 2-3 cases so far, that a page was cypher-broken in a newer browser (Opera orRetroZ so far) and then actually did work in ancient KM1.6
This current example above now worked in retrozilla-FF2.
Clicking on the lock icon in RZ it pops up lots of page properties (didn't know, looks cool!). Can't find a specific certificate, but as with a previous problem-site the
issuer is again Amazon. And something with OU=Server CA 1B
============ CERTS+CIPHERS =============
https://www.howsmyssl.com/
BAD: 12 / 37
Your client supports cipher suites that are known to be insecure:
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA: This cipher suite was meant to die with SSL 3.0 and is of unknown safety.
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: This cipher suite uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order.
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: This cipher suite uses RC4 which has insecure biases in its output.
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: This cipher suite uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order.
TLS_ECDHE_RSA_WITH_RC4_128_SHA: This cipher suite uses RC4 which has insecure biases in its output.
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: This cipher suite uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order.
TLS_ECDH_ECDSA_WITH_RC4_128_SHA: This cipher suite uses RC4 which has insecure biases in its output.
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: This cipher suite uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order.
TLS_ECDH_RSA_WITH_RC4_128_SHA: This cipher suite uses RC4 which has insecure biases in its output.
TLS_RSA_WITH_3DES_EDE_CBC_SHA: This cipher suite uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order.
TLS_RSA_WITH_RC4_128_MD5: This cipher suite uses RC4 which has insecure biases in its output.
TLS_RSA_WITH_RC4_128_SHA: This cipher suite uses RC4 which has insecure biases in its output.
GOOD: 25 / 37
OFFERED BY BROWSER: 37
The cipher suites your client said it supports, in the order it sent them, are:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_SEED_CBC_SHA
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
KM74-Goanna on win98, noted yesterday:
http://mybrowserinfo.com/
That site seems to have a httpS version too, but can only connect to http.
httpS only does the usual jumping back and forth in the statusbar, showing "Connecting... / Connected... / Connecting... / Connected... "
(This is still with the 3 COPIED db-files from another profile, due to messed Kex)