swscan.apple.com provides neither TLS 1.1 nor TLS 1.2but only TLS 1.0 with bad ciphers
| Originator: | pepi.zawodsky | ||
| Number: | rdar://18707535 | Date Originated: | 20-Oct-2014 04:05 PM |
| Status: | Open | Resolved: | |
| Product: | OS X | Product Version: | https://swscan.apple.com |
| Classification: | Security | Reproducible: | Always |
Summary: Provide a descriptive summary of the issue. Steps to Reproduce: Check for supported TLS protocol versions and cipher suites on swscan.apple.com Expected Results: Apple's software scan service should offer the best transport security with TLS 1.2 to protect user's software updates. Actual Results: TLS 1.0 available only. RC4 cipher in use which should not be used at ALL anymore. 3DES cipher offered which should not be used at ALL anymore. No forward secrecy provided by DHE or ECDHE handshake but only plain RSA available. https://dev.ssllabs.com/ssltest/analyze.html?d=swscan.apple.com Regression: SSLv3 has been turned off which is good and mitigates the POODLE attack!
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!