Gurken Papst

Handshake Simulation in SSL Server Test reporting to use cipher, that is disabled at server side

Discussion created by Gurken Papst on Aug 11, 2014
Latest reply on Aug 12, 2014 by Ivan Ristić

While trying to get rid of RC4, I have observed a strange behavior of SSL Server Test: While I think I have disabled RC4 ciphers on the server side and the list of cipher suites shown by the SSL Server Test seems to confirm this, the handshake simulation in the same test result tells me, that Android 2.3.7, IE 6 / XP, IE 8 / XP and Java 6u45 would be using TLS_RSA_WITH_RC4_128_MD5. The attached screenshot shows the problem. What is going on here?