Hello,

While trying to make sense of the appalling connection success rate in 
v9.2.3.0, I have looked at the TLS session and observed the following:

1. After receiving ACK, TB! starts ClientHello advertising support of 26
   different cipher suites. Some of them look questionable at best and
   concerning at worst.

3. In particular, TLS_RSA_WITH_RC4_128_MD5 is prohibited by IETF (see RFC
   7465) and 3DES_EDE_CBC_SHA has rather limited use in 2020.

I am not quite sure if this affects failing sessions, but perhaps RitLabs can
restrict the list to something more up-to-date?

For example:

1. ECDHE-RSA-AES128-GCM-SHA256
2. ECDHE-ECDSA-AES256-GCM-SHA384
3. ECDHE-RSA-AES256-GCM-SHA384
4. ECDHE-ECDSA-CHACHA20-POLY1305
5. ECDHE-RSA-CHACHA20-POLY1305
6. DHE-RSA-AES128-GCM-SHA256
7. DHE-RSA-AES256-GCM-SHA384

Additionally, I would check if TB! has TLS 1.0/1.1 disabled. v1.2 turned
12 years old last month :)


-- 
v9.2.3.0 x64 on Windows 10 18363


________________________________________________
Current version is 9.1.18 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html
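
Added example, not part of the original post and not RitLabs code: one way to repeat the check described above on a captured ClientHello, by pulling the cipher_suites vector out of the record and flagging RC4, 3DES and MD5 suites. The function names, the small code-point table (only the suites named in the post, taking TLS_RSA_WITH_3DES_EDE_CBC_SHA as the 3DES suite) and the sample record are assumptions constructed for illustration; it expects an unfragmented ClientHello in a single record.

```python
import struct

# IANA code points: the two suites the post objects to plus its suggested list.
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0x009F: "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0xCCA9: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
}
WEAK_MARKERS = ("_RC4_", "_3DES_", "_MD5")

def offered_suites(record: bytes) -> list[int]:
    """Return the cipher suite code points from one TLS ClientHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32          # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]        # skip session_id
    if pos + 2 > len(record):
        raise ValueError("record ends before cipher_suites")
    (n,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if n % 2 or pos + n > len(record):
        raise ValueError("truncated or malformed cipher_suites vector")
    return [c for (c,) in struct.iter_unpack("!H", record[pos:pos + n])]

def audit(record: bytes) -> dict[str, list[str]]:
    """Split offered suites into weak / ok / unknown (not in SUITES)."""
    out = {"weak": [], "ok": [], "unknown": []}
    for code in offered_suites(record):
        name = SUITES.get(code)
        if name is None:
            out["unknown"].append(f"0x{code:04X}")
        elif any(m in name for m in WEAK_MARKERS):
            out["weak"].append(name)
        else:
            out["ok"].append(name)
    return out

def build_sample(codes: list[int]) -> bytes:
    """Constructed ClientHello (empty session_id, no extensions) for offline use."""
    suites = b"".join(struct.pack("!H", c) for c in codes)
    body = (b"\x03\x03" + bytes(32) + b"\x00"
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00")
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

SAMPLE = build_sample([0xC02F, 0x0004, 0x000A, 0x1301])  # constructed input
```

Suites reported as "unknown" are simply absent from the small table above and need a lookup in the IANA TLS Cipher Suites registry before drawing conclusions.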
