Cipher list


#1

Hello community, this is my first question I hope I am making myself clear.

I have an SAP application that is trying to communicate to an endpoint protected by CF, this connection fails
with “Connection Closed by remote host”.
Doing some troubleshooting I found that no logs are being recorded by CF for that specific host and URI. I am to assume that the connection is not being made at transport level reason why is not being logged.
I noticed the source server is using TLS1.0 as well as CF.

~# sslscan ddpservices-prod.na.sage.com

Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 256 bits AES256-SHA256
Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits AES256-SHA
Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 112 bits DES-CBC3-SHA

However, my server is reporting the use of TLS1.0 with TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA which is not listed.

Could this be the cause of the problem?


#2

That’s the same cipher suite. The hyphenated names are from the widely-used OpenSSL library, the names with underscores are from the TLS standard.

I have no idea what issue you’re running into, but it’s not that. :confused: