Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

incorrect cipher suite order for TLS 1.3 #950

Open
lilyanatia opened this issue Dec 11, 2023 · 2 comments
Open

incorrect cipher suite order for TLS 1.3 #950

lilyanatia opened this issue Dec 11, 2023 · 2 comments
Assignees
@naumanshah03

Comments

@lilyanatia
Copy link

I have a server that supports the following cipher suites, in this order, with the prefer ChaCha20 setting enabled:

TLS_AES_128_GCM_SHA256 (0x1301)
TLS_AES_256_GCM_SHA384 (0x1302)
TLS_AES_128_CCM_SHA256 (0x1304)
TLS_CHACHA20_POLY1305_SHA256 (0x1303)

SSL Labs shows this incorrect order:
TLS_AES_128_GCM_SHA256 (0x1301)
TLS_AES_256_GCM_SHA384 (0x1302)
TLS_CHACHA20_POLY1305_SHA256 (0x1303)
TLS_AES_128_CCM_SHA256 (0x1304)

other tools, such as nmap's ssl-enum-ciphers script, show the correct order.
@naumanshah03
Copy link
Member

Hi @lilyanatia

Could you please share the domain name to investigate this issue?

Regards,
Nauman Shah

@lilyanatia
Copy link
Author

Could you please share the domain name to investigate this issue?

the server that I encountered this issue with has been reconfigured to disable AES 128 due to concerns about multi-target attacks.

it should be simple enough for you to set up a test server with the same cipher suites if you care about fixing the bug, but it's no longer my problem.

@naumanshah03 naumanshah03 self-assigned this Apr 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@naumanshah03 naumanshah03

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lilyanatia @naumanshah03