How can I find test results for various configurations of SSL, TLS, Key Exchange and Cipher settings in IIS for SMP Agent for Mac communication with the SMP server?
ITMS 8.x
The following charts show test results for various configurations of SSL, TLS, Key Exchange and Cipher settings in IIS for SMP Agent for Mac communication with the SMP server.
While it would be impossible to test every combination, there are several obvious combinations that were tested. The following conditions apply:
The corresponding SSL and TLS settings are found in the Windows registry at: HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols. Each subkey has an entry named 'Enabled'. A value of 0 (zero) means disabled/false. Any other value is enabled/true.
The SMP virtual machine is running Windows Server 2012 R2 Standard.
The Mac client is running OS X 10.12.1 and the SMP Agent for Mac version 8.0.3311.
The following table shows test results for when the SMP server is NOT configured to use SSL. It is HTTP only. The default <servername> certificate is bound to port 443. The client is configured to use HTTPS (the agent will fallback to http):
SSL & TLS | Result | Notes | ||||
SSL All | TLS All | Key Exchanges: ALL | Ciphers: ALL | Successful | ||
SSL All | TLS None | Key Exchanges: ALL | Ciphers: ALL | Failed | Some version of both SSL and TLS is required. | |
SSL None | TLS All | Key Exchanges: ALL | Ciphers: ALL | Failed |
|
|
SSL All | TLS 1.0 | Key Exchanges: ALL | Ciphers: ALL | Successful | ||
SSL All | TLS 1.1 | Key Exchanges: ALL | Ciphers: ALL | Successful | ||
SSL All | TLS 1.2 | Key Exchanges: ALL | Ciphers: ALL | Successful | ||
SSL 2.0 | TLS All | Key Exchanges: ALL | Ciphers: ALL | Successful | ||
SSL 2.0 | TLS 1.0 | Key Exchanges: ALL | Ciphers: ALL | Successful | ||
SSL 2.0 | TLS 1.1 | Key Exchanges: ALL | Ciphers: ALL | Failed | SSL 2.0 evidently does not work with TLS 1.1 and 1.2. | |
SSL 2.0 | TLS 1.2 | Key Exchanges: ALL | Ciphers: ALL | Failed | SSL 2.0 evidently does not work with TLS 1.1 and 1.2. | |
SSL 3.0 | TLS All | Key Exchanges: ALL | Ciphers: ALL | Successful | ||
SSL 3.0 | TLS 1.0 | Key Exchanges: ALL | Ciphers: ALL | Successful | ||
SSL 3.0 | TLS 1.1 | Key Exchanges: ALL | Ciphers: ALL | Successful | ||
SSL 3.0 | TLS 1.2 | Key Exchanges: ALL | Ciphers: ALL | Successful | ||
Key Exchanges | ||||||
SSL All | TLS All | Key Exchanges: None | Ciphers: ALL | Failed | ||
SSL All | TLS All | Key Exchanges:Diffie-Heilman only | Ciphers: ALL | Successful | ||
SSL All | TLS All | Key Exchanges:PKCS only | Ciphers: ALL | Successful | ||
SSL All | TLS All | Key Exchanges:ECDH only | Ciphers: ALL | Successful | ||
Ciphers | ||||||
SSL All | TLS All | Key Exchanges All | Ciphers: None | Successful |
The following table shows test results for when the SMP server IS configured to require SSL and accept client certificates. The default <servername> certificate is bound to port 443. The client is configured to use HTTPS (the agent will fallback to http):
SSL & TLS | Result | ||||
SSL All | TLS All | Key Exchanges: ALL | Ciphers: ALL | Successful | |
SSL All | TLS None | Key Exchanges: ALL | Ciphers: ALL | Failed | TLS is required when SSL is enabled in IIS. |
SSL None | TLS All | Key Exchanges: ALL | Ciphers: ALL | Successful | Verified in the registry - no enabled SSL versions. Not sure why this worked since SSL is required in IIS. |
SSL All | TLS 1.0 | Key Exchanges: ALL | Ciphers: ALL | Successful | |
SSL All | TLS 1.1 | Key Exchanges: ALL | Ciphers: ALL | Successful | |
SSL All | TLS 1.2 | Key Exchanges: ALL | Ciphers: ALL | Successful | |
SSL 2.0 | TLS All | Key Exchanges: ALL | Ciphers: ALL | Successful | |
SSL 2.0 | TLS 1.0 | Key Exchanges: ALL | Ciphers: ALL | Successful | |
SSL 2.0 | TLS 1.1 | Key Exchanges: ALL | Ciphers: ALL | Failed | |
SSL 2.0 | TLS 1.2 | Key Exchanges: ALL | Ciphers: ALL | Failed | |
SSL 3.0 | TLS All | Key Exchanges: ALL | Ciphers: ALL | Successful | |
SSL 3.0 | TLS 1.0 | Key Exchanges: ALL | Ciphers: ALL | Successful | |
SSL 3.0 | TLS 1.1 | Key Exchanges: ALL | Ciphers: ALL | Successful | |
SSL 3.0 | TLS 1.2 | Key Exchanges: ALL | Ciphers: ALL | Successful | |
Key Exchanges | |||||
SSL All | TLS All | Key Exchanges: None | Ciphers: ALL | Failed | |
SSL All | TLS All | Key Exchanges:Diffie-Heilman only | Ciphers: ALL | Successful | |
SSL All | TLS All | Key Exchanges:PKCS only | Ciphers: ALL | Successful | |
SSL All | TLS All | Key Exchanges:ECDH only | Ciphers: ALL | Successful | |
Ciphers | |||||
SSL All | TLS All | Key Exchanges All | Ciphers: None | Failed |