...
Above command will try to fetch content from my.patientsknowbest.com
.
Context
A cipher suite is a fixed set of algorithms used together to establish a secure network connection to transmit data between to hosts. Cipher suite names are derived from the algorithms used.
...
Tip |
---|
Both server and client has a set of supported cipher suites which must overlap. |
Expected success output
Code Block |
---|
* Trying 35.246.122.93:443... ... * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 ... * Connection #0 to host my.patientsknowbest.com left intact |
...
Panel | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
NEXT: Explore ways to update your client software and/or its runtime environment. |
Expected failure output
Code Block |
---|
* Trying 35.246.122.93:443... * Connected to my.patientsknowbest.com (35.246.122.93) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ECDHE-RSA-AES256-SHA384 * CAfile: /etc/ssl/certs/ca-certificates.crt * CApath: /etc/ssl/certs * TLSv1.0 (OUT), TLS header, Certificate Status (22): } [5 bytes data] * TLSv1.2 (OUT), TLS handshake, Client hello (1): } [181 bytes data] * TLSv1.2 (IN), TLS header, Unknown (21): { [5 bytes data] * TLSv1.2 (IN), TLS alert, handshake failure (552): { [2 bytes data] * error:0A000410:SSL routines::sslv3 alert handshake failure * Closing connection 0 |
...
Panel | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
NEXT: Explore ways to update your client software and/or its runtime environment. |
Trouble shooting
Trouble shooting consists of two steps:
You need to learn what cipher suites your software supports (see steps below).
Compare that with cipher suites our servers support
Consult our PKB API Network Connectivity page or
Run a live scan on SSLLabs.
...
Please consult the table on IANA’s website to see what ciphers are recommended at the moment.
We only want to support secure ciphers.
What ciphers my OS supports?
Linux
Code Block |
---|
openssl ciphers -v |
...
Info |
---|
Kx: (Key Exchange) ECDHE Au: (Authentication) RSA Enc: (Bulk Encryption) AES256-GCM Mac: (Message Authentication) SHA384 |
Windows
View and Modify the Windows Registry Settings for the TLS Cipher Suites:
...