sslscan

Preferred Server Cipher(s) are misleading

Open tyll opened this issue 11 years ago • 0 comments

If a TLS server does not have a cipher preference, it uses the first of the client's ciphers that it supports. Therefore, it is actually not a preferred server cipher in this case. For example, for apache/mod_ssl, the following setting needs to be set to make the server have preferred ciphers:

SSLHonorCipherOrder on

tyll, Sep 14 '14 07:09
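
The selection behaviour described in the issue, as an added example that is not part of the original issue or of sslscan's code: a constructed model of a server with and without `SSLHonorCipherOrder on`, plus a check that tells the two apart by offering the same ciphers in forward and reverse order. The function names and the `SERVER` and `ACCEPTED` lists are assumptions made for illustration.

```python
# Added example: a constructed model of TLS cipher selection, not sslscan code.

def select_cipher(client_offer, server_ciphers, honor_server_order):
    """Return the cipher a server picks, or None if there is no overlap.

    honor_server_order=True models mod_ssl with `SSLHonorCipherOrder on`;
    False models a server that takes the client's first supported cipher.
    """
    if honor_server_order:
        ranked, allowed = server_ciphers, set(client_offer)
    else:
        ranked, allowed = client_offer, set(server_ciphers)
    return next((c for c in ranked if c in allowed), None)


def classify_preference(probe, accepted):
    """Decide whether a reported 'preferred' cipher reflects server policy.

    probe(offer) performs one handshake offering `offer` in that order and
    returns the selected cipher. `accepted` lists ciphers the server is
    already known to accept.
    """
    if len(accepted) < 2:
        return "indeterminate"  # one cipher cannot reveal an ordering
    forward = probe(list(accepted))
    backward = probe(list(reversed(accepted)))
    if forward == backward:
        return "server-preference"  # same pick regardless of client order
    if forward == accepted[0] and backward == accepted[-1]:
        return "client-order"  # server just followed the client's list
    return "inconclusive"


# Constructed sample data (hypothetical server configuration).
SERVER = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"]
ACCEPTED = ["AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384"]


def make_probe(honor):
    """Build a probe that runs against the simulated server above."""
    return lambda offer: select_cipher(offer, SERVER, honor)


if __name__ == "__main__":
    for honor in (False, True):
        print(honor, classify_preference(make_probe(honor), ACCEPTED))
```

A scanner that offers its ciphers in only one order reports the "client-order" server's first pick as preferred, even though that pick mirrors the scanner's own list.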