The Qualsys report on Android is not accurate. We have disabled all protocols to pass 3.1 certification and our findings are:
1. MacOSX - current updates applied - OK 2. Windows 8, 10 - all OK 3. Windows 7 - sporadic failure 4. Android - non-google and non-amazon - failure on all revisions in the wild 5. Android - google - good after 4.1 6. Android - Amazon (Silk) - good 7. Wndows 7 with IE11 - ok 8. Java (JDK) clients - mostly fail, some ok with updates 9. iPhone iOS - current updates applied - OK 10. Windows Phone 8.1 - ok 11. Windows Phone 7 - unknown The Qualsys report shows that Android 4.1 works without TLS1, but that's only true for google branded devices. We have a Samsung Galaxy Note 2 from this year and it will not connect to a TLS1.2 only server. The Java/Android world is likely going to be the worst performing of your client base until next year. Everyone else has updated their client software to handle TLS 1.2. We are using the recommended changes from Ralph G in his thread titled " Avoid [i hope] Crime vulnerability on 2.7f upstream". -- Jake -----Original Message----- From: Xan Charbonnet [mailto:[email protected]] Sent: Thursday, September 17, 2015 1:05 PM To: [email protected] Subject: Re: [Pound Mailing List] SSL Protocol and SSL Cipher logging You could running a Qualys SSL test https://www.ssllabs.com/ssltest/ and look for the browsers which don't use TLS1.2, and compare that to your logs of user-agent strings. On 09/17/2015 02:30 PM, Andrew Barringer wrote: > > With the upcoming deprecation of TLS 1.0 & 1.1 for PCI 3.1 compliance we need > to know what protocol and cipher suites are being used by our clients. This > will give us an indication of what to expect when we have to drop TLS 1.0 & > 1.1 support. > > Is there a way to log the SSL_PROTOCOL and SSL_CIPHER with pound as is > possible with apaches mod_ssl? > > > Thanks, > Andy > > > > -- > To unsubscribe send an email with subject unsubscribe to [email protected]. > Please contact [email protected] for questions. > -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions. -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
