AnsweredAssumed Answered

Would this chipher combo get an B or A ?

Question asked by Rob_T on Mar 2, 2018
Latest reply on Mar 6, 2018 by Bhushan Lokhande



since new grading this month, there are two new cases which cause a downgrade to B:

A) This server does not support Forward Secrecy with the reference browsers. Grade capped to B
B) This server does not support Authenticated encryption (AEAD) cipher suites. Grade capped to B

I wonder what will happen when server have such Kind of cipher set:


TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (or other FS RSA variant) as priorized cipher
and TLS_RSA_WITH_AES_128_GCM_SHA256 (or other static AEAD variant)

I assume it would get an A cause ref browser would use non-AEAD but FS cipher and otherwise server also "Supports" an AEAD cipher.

But in fact only ONE of these ciphers is used (FS-nonAEAD or AEAD-nonFS) at same time.
Which would be quite absurd (imho) if it get an "A" than, isn't it ?