The way we try different protocols to use works like this:
- Start with TLS1.*
- If a TLS error is returned we then move on to...
- SSLv3 and if that fails
- A SSL/TLS error is logged if all these fail and a second opinion is conducted.
Our probes support most ciphers used:
We still us SSL version 3 to make requests at times because many servers out there still expects this and will break if another protocol is used.
What this means in reality is that if your site has any sort of error page when a specific encryption is used, instead of asking to renegotiate, it might fail from our end.
Our Root cause analysis tool is running HTTP 1.0 at the moment and is thus somewhat outdated when it comes to certain pages.