Hello Maxim, On Tue, 5 Jun 2018, at 23:20:31 [GMT +0300] (which was 22:20 where I live) Maxim wrote:
> The Bat! 8.3.0.26 (BETA) is available at > https://www.ritlabs.com/download/files3/the_bat/beta/tb83026-32.rar > > What's new in 8.3.0.26 since 8.3.0.25: > [+] TLS 1.2 (but ECDHE is not yet supported) Ouch. I tested the wrong port of the IMAP server failing with The Bat!. Forget the two previous mails THIS is the correct analyze! analyze-ssl.pl -v 3 --all-ciphers imap.vivaldi.net:993 + checking host=imap.vivaldi.net(82.221.130.152) port=993 * version SSLv23 no verification, ciphers= -> TLSv1_2,ECDHE-RSA-AES256-GCM-SHA384 * version SSLv23 no verification, ciphers=HIGH:ALL -> TLSv1_2,ECDHE-RSA-AES256-GCM-SHA384 * version TLSv1_2 no verification, ciphers= -> TLSv1_2,ECDHE-RSA-AES256-GCM-SHA384 * version TLSv1_2 no verification, ciphers=HIGH:ALL -> TLSv1_2,ECDHE-RSA-AES256-GCM-SHA384 * version TLSv1_1 no verification, ciphers= -> TLSv1_1,ECDHE-RSA-AES256-SHA * version TLSv1_1 no verification, ciphers=HIGH:ALL -> TLSv1_1,ECDHE-RSA-AES256-SHA * version TLSv1 no verification, ciphers= -> TLSv1,ECDHE-RSA-AES256-SHA * version TLSv1 no verification, ciphers=HIGH:ALL -> TLSv1,ECDHE-RSA-AES256-SHA * version SSLv3, no verification, ciphers= -> FAIL! SSL connect attempt failed because of handshake problems * version SSLv3, no verification, ciphers=HIGH:ALL -> FAIL! SSL connect attempt failed because of handshake problems + successful connect with TLSv1_2, cipher=ECDHE-RSA-AES256-SHA, sni=imap.vivaldi.net and no other TLS extensions + SNI success * same certificate chain in without SNI + certificate verify success + OCSP stapling: no stapled response <3> need to send 120 bytes OCSP request to http://isrg.trustid.ocsp.identrust.com <3> need to send 122 bytes OCSP request to http://ocsp.int-x3.letsencrypt.org + all certificates verified * connect with version TLSv1_2 cipher ECDHE-RSA-AES256-GCM-SHA384 * connect with version TLSv1_2 cipher ECDHE-RSA-AES256-SHA384 * connect with version TLSv1_2 cipher ECDHE-RSA-AES256-SHA * connect with version TLSv1_2 cipher DHE-RSA-AES256-GCM-SHA384 * connect with version TLSv1_2 cipher DHE-RSA-AES256-SHA256 * connect with version TLSv1_2 cipher DHE-RSA-AES256-SHA * connect with version TLSv1_2 cipher DHE-RSA-CAMELLIA256-SHA * connect with version TLSv1_2 cipher ECDHE-RSA-AES128-GCM-SHA256 * connect with version TLSv1_2 cipher ECDHE-RSA-AES128-SHA256 * connect with version TLSv1_2 cipher ECDHE-RSA-AES128-SHA * connect with version TLSv1_2 cipher DHE-RSA-AES128-GCM-SHA256 * connect with version TLSv1_2 cipher DHE-RSA-AES128-SHA256 * connect with version TLSv1_2 cipher DHE-RSA-AES128-SHA * connect with version TLSv1_2 cipher DHE-RSA-CAMELLIA128-SHA * connect with version TLSv1_2 cipher DHE-RSA-SEED-SHA <3> handshake failed with HIGH:ALL:eNULL:!ECDHE-RSA-AES256-GCM-SHA384:!ECDHE-RSA-AES256-SHA384:!ECDHE-RSA-AES256-SHA:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES256-SHA256:!DHE-RSA-AES256-SHA:!DHE-RSA-CAMELLIA256-SHA:!ECDHE-RSA-AES128-GCM-SHA256:!ECDHE-RSA-AES128-SHA256:!ECDHE-RSA-AES128-SHA:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-SHA256:!DHE-RSA-AES128-SHA:!DHE-RSA-CAMELLIA128-SHA:!DHE-RSA-SEED-SHA: SSL connect attempt failed because of handshake problems <3> tried with cipher list 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:HIGH:ALL' -> ECDHE-RSA-AES256-GCM-SHA384 <3> tried with cipher list 'ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384:HIGH:ALL' -> ECDHE-RSA-AES256-SHA384 * client decides cipher order -- imap.vivaldi.net port 993 * maximum SSL version : TLSv1_2 (SSLv23) * supported SSL versions with handshake used and preferred cipher(s): * handshake protocols ciphers * SSLv23 TLSv1_2 ECDHE-RSA-AES256-GCM-SHA384 * TLSv1_2 TLSv1_2 ECDHE-RSA-AES256-GCM-SHA384 * TLSv1_1 TLSv1_1 ECDHE-RSA-AES256-SHA * TLSv1 TLSv1 ECDHE-RSA-AES256-SHA * SSLv3 FAILED: SSL connect attempt failed because of handshake problems * cipher order by : client * SNI supported : ok * certificate verified : ok * chain on 82.221.130.152 * [0/0] bits=2048, ocsp_uri=http://ocsp.int-x3.letsencrypt.org, /CN=imap.vivaldi.net SAN=DNS:imap.vivaldi.net,DNS:mail.vivaldi.net,DNS:pop3.vivaldi.net * [1/1] bits=2048, ocsp_uri=http://isrg.trustid.ocsp.identrust.com, /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 * [-/2] bits=2048, ocsp_uri=, /O=Digital Signature Trust Co./CN=DST Root CA X3 * OCSP stapling : no stapled response * OCSP status : good * supported ciphers with SSLv23 handshake * TLSv1_2 ECDHE-RSA-AES256-GCM-SHA384 * TLSv1_2 ECDHE-RSA-AES256-SHA384 * TLSv1_2 ECDHE-RSA-AES256-SHA * TLSv1_2 DHE-RSA-AES256-GCM-SHA384 * TLSv1_2 DHE-RSA-AES256-SHA256 * TLSv1_2 DHE-RSA-AES256-SHA * TLSv1_2 DHE-RSA-CAMELLIA256-SHA * TLSv1_2 ECDHE-RSA-AES128-GCM-SHA256 * TLSv1_2 ECDHE-RSA-AES128-SHA256 * TLSv1_2 ECDHE-RSA-AES128-SHA * TLSv1_2 DHE-RSA-AES128-GCM-SHA256 * TLSv1_2 DHE-RSA-AES128-SHA256 * TLSv1_2 DHE-RSA-AES128-SHA * TLSv1_2 DHE-RSA-CAMELLIA128-SHA * TLSv1_2 DHE-RSA-SEED-SHA -- Regards Gwen Using The Bat! Version 8.3.0.25 (BETA) (32-bit) on Windows 10.0 (Build 17134 )
pgpa_cncpyTXc.pgp
Description: PGP signature
________________________________________________________ Current beta is 8.3.0.26 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html
