
I'm implementing an API endpoint based on howsmyssl to check the TLS version of clients then notify those clients about whether or not they passed the test. However, several clients have reported failing the test on our site but passing Salesforce's test of the same thing.

Why does tls_version "TLS 1.2" from howsmyssl rate "Probably Okay" in Chrome on Windows 10 but "Bad" in IE11 on Windows 7? Is it just the fact that IE11 supports "insecure_cipher_suites"? Here are the JSON responses for reference:

Chrome on Windows 10

    {
        "given_cipher_suites": [
            "TLS_GREASE_IS_THE_WORD_0A",
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
            "TLS_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_RSA_WITH_AES_256_CBC_SHA",
            "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
        ],
        "ephemeral_keys_supported": true,
        "session_ticket_supported": true,
        "tls_compression_supported": false,
        "unknown_cipher_suite_supported": false,
        "beast_vuln": false,
        "able_to_detect_n_minus_one_splitting": false,
        "insecure_cipher_suites": {},
        "tls_version": "TLS 1.2",
        "rating": "Probably Okay"
    }

IE11 on Windows 7

    {
        "given_cipher_suites": [
            "TLS_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_RSA_WITH_AES_256_CBC_SHA256",
            "TLS_RSA_WITH_AES_256_CBC_SHA",
            "TLS_RSA_WITH_RC4_128_SHA",
            "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
            "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
            "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
            "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
            "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
            "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
            "TLS_RSA_WITH_RC4_128_MD5"
        ],
        "ephemeral_keys_supported": true,
        "session_ticket_supported": false,
        "tls_compression_supported": false,
        "unknown_cipher_suite_supported": false,
        "beast_vuln": false,
        "able_to_detect_n_minus_one_splitting": false,
        "insecure_cipher_suites": {
            "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA": ["uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order"],
            "TLS_RSA_WITH_3DES_EDE_CBC_SHA": ["uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order"],
            "TLS_RSA_WITH_RC4_128_MD5": ["uses RC4 which has insecure biases in its output"],
            "TLS_RSA_WITH_RC4_128_SHA": ["uses RC4 which has insecure biases in its output"]
        },
        "tls_version": "TLS 1.2",
        "rating": "Bad"
    }

bw-patrick
The 'bad' rating does not apply to tls_version but to other weaknesses like the RC4 and 3DES warnings. The JSON message is just randomly ordered. – eckes Nov 12 '17 at 06:02

2 Answers

4

Well, from the error message you posted, your IE11 is willing to use some really out-of-date and broken crypto, but Chrome is not. That tool even gives you a helpful description of why each one is considered insecure / vulnerable:

"insecure_cipher_suites": {
    "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA": ["uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order"],
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": ["uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order"],
    "TLS_RSA_WITH_RC4_128_MD5": ["uses RC4 which has insecure biases in its output"],
    "TLS_RSA_WITH_RC4_128_SHA": ["uses RC4 which has insecure biases in its output"]
}

Scanning that list of cipher suites with my human eyes, I would agree that the Chrome list is "probably ok" and the IE list is "bad", for exactly the same reasons as stated in the error message. Those are old and insecure; a browser should not be suggesting them to the server. If the server doesn't support any of the new good things, the browser should refuse to display the padlock.


Note that TLS 1.2 is just the version of the protocol (message types), and has almost nothing to do with the crypto. You want to be on TLS 1.2 because it gives you access to the good stuff that's not in 1.1, but 1.2 also supports old bad stuff for backwards compatibility reasons.

Mike Ounsworth
3

Is it just the fact that IE11 supports "insecure_cipher_suites"?

To cite from the site's documentation:

Insecure Cipher Suites
...
Any client supporting an insecure cipher suite will be marked as Bad.

Steffen Ullrich
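
An added example, not part of either answer and not howsmyssl's own code: one way for an endpoint that consumes the howsmyssl JSON to report the protocol-version check separately from the cipher-suite findings that drive the "Bad" rating. The function names, the `MIN_TLS` policy floor and the abridged sample responses are assumptions constructed for illustration.

```python
import json

# Constructed samples, abridged from the two responses quoted in the question.
IE11_SAMPLE = json.dumps({
    "insecure_cipher_suites": {
        "TLS_RSA_WITH_3DES_EDE_CBC_SHA": ["uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order"],
        "TLS_RSA_WITH_RC4_128_SHA": ["uses RC4 which has insecure biases in its output"],
    },
    "tls_version": "TLS 1.2",
    "rating": "Bad",
})
CHROME_SAMPLE = json.dumps({
    "insecure_cipher_suites": {},
    "tls_version": "TLS 1.2",
    "rating": "Probably Okay",
})

MIN_TLS = (1, 2)  # assumption: the endpoint's own policy floor, not a howsmyssl value


def parse_tls_version(label):
    """Turn 'TLS 1.2' into (1, 2); any other shape sorts below every TLS version."""
    proto, _, number = label.partition(" ")
    try:
        major, minor = number.split(".")
        return (int(major), int(minor)) if proto == "TLS" else (0, 0)
    except ValueError:
        return (0, 0)


def evaluate_client(raw_json, min_tls=MIN_TLS):
    """Report the protocol check and the cipher-suite findings separately."""
    data = json.loads(raw_json)
    version = data.get("tls_version") or ""
    insecure = data.get("insecure_cipher_suites") or {}
    return {
        "tls_version": version,
        "tls_version_ok": parse_tls_version(version) >= min_tls,
        "howsmyssl_rating": data.get("rating"),
        # Each entry maps a suite name to the list of reasons howsmyssl gave.
        "cipher_findings": {name: list(why) for name, why in sorted(insecure.items())},
    }


if __name__ == "__main__":
    for label, sample in (("Chrome", CHROME_SAMPLE), ("IE11", IE11_SAMPLE)):
        print(label, json.dumps(evaluate_client(sample), indent=2))
```

For the IE11 sample this yields `tls_version_ok` true alongside a "Bad" rating and two cipher findings, which is the split the answers describe: the protocol version passes while the offered suites do not.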