« SSL Threat Model | Main | Analysis of Elliptic Curve support in current browsers »

September 22, 2009

SSL Labs: Improved Elliptic Curve and TLS 1.2 detection

The latest version of the SSL assessment software running on SSL Labs features much better detection of the SSL servers that use Elliptic Curve cryptography, TLS 1.1 and TLS 1.2. Windows Server 2008 leads when it comes to these technologies and Microsoft's test server (tls.woodgrovebank.com) demonstrates that very well. Sadly, there's currently no browser that can talk to the Windows Server 2008 in a way that uses all the capabilities that are on offer. Even IE8 has some of the high-end features disabled and gets some others wrong.

I must mention Adrian Dimcev, who pushed me to get this work done. He worked relentlessly to figure out the exact combinations of handshake bits (literally) that produce desired results. I've urged Adrian to describe his findings for everyone to read, and let's hope that he'll do that. In the meantime, his recent blog post provides a bunch of useful information on TLS 1.2.

Posted by Ivan Ristić at 10:33:15 in SSL

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e54fd889f288340120a58c5baa970b

Listed below are links to weblogs that reference SSL Labs: Improved Elliptic Curve and TLS 1.2 detection:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.

MY WORK

IronBee is the next generation web application firewall engine, and it's open source too.
ModSecurity Handbok cover
ModSecurity Handbook is the definitive guide to the world's most popular web application firewall.
Apache Security cover
Apache Security is the complete guide to securing your Apache web server.
SSL Labs offers a comprehensive SSL security assessment consisting of 250+ checks. To start, enter your domain name below:

ABOUT ME

Ivan Ristić is an open source advocate, entrepreneur, writer, programmer and web security specialist. He is the principal author of ModSecurity, the open source web application firewall, and the author of Apache Security, a concise yet comprehensive web security guide for the Apache web server.   [LinkedIn Profile]

My Photo

TWITTER

@ivanristic

    Categories

    Archives

    FEEDS