Insecure Cipher does not always get detected and reported
Summary
One or more insecure ciphers do not get detected and reported, sometimes.
Steps to reproduce
Unclear atm.
Example Project
See: https://www.ssllabs.com/ssltest/analyze.html?d=gallplath.de
curl -v -H 'content-type: application/json; charset=utf8' --data '{"host":["gallplath.de"],"webhook":"https://hooks.slack.com/services/XXXXXX/XXXXXX/XXXXXXXXXXXXXXXXXXXXXX","callbackInvokeForced":"true","ignore": ["PubKeySize"]}' https://tls-tester.compilenix.org/api/enqueue
What is the current bug behavior?
I observed this on gallplath.de with the cipher TLS_RSA_WITH_RC4_128_SHA
.
Sometimes that insecure cipher get detected and reported and sometimes not.
What is the expected behavior?
Ciphers like TLS_RSA_WITH_RC4_128_SHA
and TLS_RSA_WITH_RC4_128_MD5
should be reported as an error.
Relevant logs and/or screenshots
Possible fixes
/cc @CompileNix