Hi everyone, thanks for the comments.
> Apparently there are various appropriate offline tools, try > something from here:- ?? > https://github.com/ssllabs/research/wiki/Assessment-Tools Done so, I used cipherscan > [or, alternatively, arrange a temporary port-443 forward through > to the server one way or another... I've done this to test IMAP > servers etc...], so ssllabs can talk to that. Umpf, I prefer not to do that as I probably will get into deep **** from my workplace doing this :-( On Fri, 24 Oct 2014, Daniel Kahn Gillmor wrote: > yes, certainly, though i would suggest "nudge" rather than "kick" -- Yeah, that was not meant physically, I know when I have to be very nice ;-) > It's possible that this is an extension-intolerant SSLv3 server, which > would mean that it only works when no extensions were set at all. So What I got from cipherscan is the following: prio ciphersuite protocols pfs_keysize 1 RC4-SHA SSLv3 2 RC4-MD5 SSLv2,SSLv3 3 EDH-RSA-DES-CBC3-SHA SSLv3 DH,1024bits 4 DES-CBC3-SHA SSLv3 5 EDH-RSA-DES-CBC-SHA SSLv3 DH,1024bits 6 DES-CBC-SHA SSLv3 7 EXP-DES-CBC-SHA SSLv3 RSA,512bits 8 EXP-RC4-MD5 SSLv2,SSLv3 RSA,512bits Does this tell you masters anything? It seems that it is SSLv3 only considering SSLv2 as even worse? Norbert ------------------------------------------------------------------------ PREINING, Norbert http://www.preining.info JAIST, Japan TeX Live & Debian Developer GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13 ------------------------------------------------------------------------ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org