The SSL Ciphers that Jetty is allowed to use is defined in installation.properties located in the {RHYTHMYX_HOME}jettybaseetc directory.
Browser / OS Status IE 11 / Win 8.1 Supported IE Mobile 10 / Win Phone 8.0 Unsupported IE Mobile 11 / Win Phone 8.1 Supported Java 6u45 Unsupported Java 7u25 Unsupported Java 8u31 Supported OpenSSL 0.9.8y Unsupported OpenSSL 1.0.1l Supported OpenSSL 1.0.2 Supported Safari 5.1.9 / OS X 10.6.8 Unsupported Safari 6 / iOS 6.0.1 Supported.
Sslciphers ecdhe-rsa-aes128-gcm-sha256:ecdhe-ecdsa-aes128-gcm-sha256:ecdhe-rsa-aes128-sha256:ecdhe-ecdsa-aes128-sha256:ecdhe-rsa-aes128-sha:ecdhe-ecdsa-aes128-sha:dhe-rsa-aes128-gcm-sha256:dhe-ecdsa-aes128-gcm-sha256:dhe-rsa-aes128-sha256:dhe-ecdsa-aes128-sha256:dhe-rsa-aes128-sha:dhe-ecdsa-aes128-sha. Safari 5.1.9 / os x 10.6.8 tls 1.0. May 29, 2018 End of TLS 1.0 support. DocuSign is ending support for TLS 1.0 on June 25, 2018. This date has been set by the PCI Security Standards Council.
By default we restrict the ciphers we use to a modern level. However any cipher from the intermediate group can be added to the perc.ssl.includeCiphers entry in installation.properties for Rhythmyx to use.
Modern Ciphers
If you want the least amount of security vulnerabilities, then Percussion recommends using only the modern ciphers and only using the TLSv1.2 protocol.
Handshake Simulation |
Android 2.3.7 No SNI 2 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128 |
Android 4.0.4 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 |
Android 4.1.1 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 |
Android 4.2.2 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 |
Android 4.3 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 |
Android 4.4.2 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 |
Android 5.0.0 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 |
Baidu Jan 2015 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 |
BingPreview Jan 2015 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 |
Chrome 42 / OS X R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 |
Firefox 31.3.0 ESR / Win 7 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 |
Firefox 37 / OS X R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 |
Googlebot Feb 2015 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 |
IE 6 / XP No FS 1 No SNI 2 Protocol or cipher suite mismatch Fail3 |
IE 7 / Vista TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 |
IE 8 / XP No FS 1 No SNI 2 TLS 1.0 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) No FS 112 |
IE 8-10 / Win 7 R TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 |
IE 11 / Win 7 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) FS 128 |
IE 11 / Win 8.1 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) FS 128 |
IE Mobile 10 / Win Phone 8.0 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 |
IE Mobile 11 / Win Phone 8.1 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) FS 128 |
Java 6u45 No SNI 2 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128 |
Java 7u25 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) FS 128 |
Java 8u31 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 |
OpenSSL 0.9.8y TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256 |
OpenSSL 1.0.1l R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 |
OpenSSL 1.0.2 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 |
Safari 5.1.9 / OS X 10.6.8 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 |
Safari 6 / iOS 6.0.1 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) FS 128 |
Safari 6.0.4 / OS X 10.8.4 R TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 |
Safari 7 / iOS 7.1 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) FS 128 |
Safari 7 / OS X 10.9 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) FS 128 |
Safari 8 / iOS 8.1.2 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) FS 128 |
Safari 8 / OS X 10.10 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) FS 128 |
Yahoo Slurp Jan 2015 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 |
YandexBot Jan 2015 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 |
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it. |
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI. |
(3) Only first connection attempt simulated. Browsers tend to retry with a lower protocol version. |
(R) Denotes a reference browser or client, with which we expect better effective security. |
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE). |
Os X Download
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment